Cybercrime is biggest threat to small and medium-size firms ‘by far’

Lapses in cybersecurity can kill small businesses, lobby group says.

The UK's definition of an SME -- a small to medium enterprise -- is any business with up to 250 employees, but with no upper limit on the financial threshold. Speaking at the Counter Terrorism Expo in London's Olympia today, the Federation of Small Businesses' Home Office and MoJ Policy Unit Chair Richard Parlour laid out just why cyber security is so critical for the sector.

According to Parlour, there are 5.8 million businesses in the UK and a staggering 99 percent of them count as SMEs. The FSB's job as a lobby group is, he says, to protect businesses, save them money, and also help them grow.

But recent figures show that 80 percent of SMEs hit by major cyber incidents don't live longer than two years after the fact -- and although there's growing awareness about the importance of cyber security, many SMEs might still not be taking it into consideration.

"We cover business crime, and of the business crimes, cyber crime is our biggest issue and growing," Parlour said. "There's an awful lot of different threats out there, but the biggest one out there by far is cybercrime for us at the moment."

The FSB is trying to explain to its members that the risk they face from cybercrime is multifaceted -- from hacktivism to criminal fraud and, "to a growing extent, corporate espionage."

Figures from Allianz's annual business risk report point to enormous growth in cyber crime as a threat, leaping from number five in the last report to third place this year. Security breaches are up, and their cost and scale have doubled over the last year.

Parlour said that in 2016, 71 percent of SMEs suffered some kind of security breach, and these come with potentially disastrous knock-on effects in addition to the initial damage: problems with supplier relationships, contract losses, or staff spending their time firefighting rather than focusing on business growth.

"Our survey we ran last year was a bit disturbing," Parlour said. "First of all, two thirds of SMEs thought they were not open to cyber attack, and only one in seven had improving cyber security as a top priority."

Awareness was lacking among smaller companies, which did not realise they were just as likely to be a target as TalkTalk and Yahoo, the victims of headline-grabbing breaches.

"There's a growing awareness these people are part of a bigger supply chain and they can be the weaker link on the way in," Parlour explained. "Awareness is increasing, but it's quite slow at the moment. And of course a lot of the advice you'll see on various websites is things like: if you're subject to attack, have a look at your cyber controls. And people will say: 'Thank you very much, now what will I do with that?' So there needs to be detailed, simple, practical steps which SMEs can take."

