View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

SMEs hit with 7 million cyber crime attacks per year in £5.26 billion blow to UK economy

News: Federation of Small Business survey finds that phishing and spear phishing are the top reported attacks.

By Alexander Sword

Small businesses are the hardest hit by cyber crime, with smaller firms in the UK hit collectively seven million times per year.

According to a report by the Federation of Small Businesses (FSB), these attacks cost around £5.26 billion to the UK economy.

While 93 percent of small firms are trying to protect their businesses, 66 percent had been the victim of cyber crime in the last two years.

The main culprit was phishing attacks, which were reported by 49 percent of respondents. Spear phishing, a more targeted version of phishing, was reported by 37 percent.

Phishing emails attempt to trick users into clicking a malicious link or providing personal information. Meanwhile, Norton defines spear phishing as "an email that appears to be from an individual or business that you know. But it isn’t."

Both types of Phishing had the highest incidence in the arts, entertainment and recreation sector, followed by Professional, scientific and technical activities.

Malware attacks were reported by 29 percent of the respondents.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Denial of service attacks had been experience by 5 percent of respondents, while ransomware, becoming an increasing concern for businesses, hit 4 percent of respondents.

The vulnerability of these companies to these kinds of online attacks were driven by the fact that 99 percent of small firms rated the internet as highly important to their business.

According to the report, there were some key areas where these firms could improve security. Only 24 percent had a strict password policy, four per cent had a written plan of what to do if attacked online, and two per cent had a recognised security standard such as ISO27001 or the Government’s Cyber Essentials scheme.

The FSB called on the Government to do more to protect the cyber security of this vulnerable sector.

"Small firms take their cyber security responsibility very seriously but often they are the least able to bear the cost of doing so. Smaller businesses have limited resources, time and expertise to deal with ever-evolving and increasing digital attacks.

"We’re calling on Government, larger businesses, individuals and providers to take part in a joint effort to tackle cyber crime and improve business resilience."

Geoff White, underwriter at Lloyd’s, said: "Many UK businesses are not aware of how exposed they are, believing they are too small or have nothing worth stealing to be a victim of a cyber-attack. However, technology is so fundamental to how businesses run that cyber is a risk regardless of size or industry.

"We know it’s now a matter of "when, not if" a company suffers a cyber-attack or breach, but they shouldn’t be company-ending events. Businesses should look into a wide protection, including cyber insurance, to protect their balance sheet and help get them back on their feet."

The survey, called ‘Cyber Resilience: How to protect small firms in the digital economy’ had 1006 completed responses from FSB members.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.