UK small businesses are underestimating the impact of a cyber attack. This could have an effect on their reputation so businesses must take steps to protect themselves, according to the findings of the Small Business Reputation and the Cyber Risk report, launched today by the Government’s Cyber Streetwise campaign and KPMG.
Despite the vast majority (93%) of small businesses surveyed thinking about their company’s reputation frequently or all the time, they aren’t considering how a breach could affect it. In fact, less than a third (29%) of small companies surveyed that haven’t experienced a breach say the potential damage a cyber breach could cause is an “important” consideration.
However 83% consumers surveyed are now concerned about which businesses have access to their data and whether it’s safe, and over half (58%) say that a cyber breach would discourage them from using a business in the future.
This concern is even greater in the supply chain. Recently published KPMG Supply Chain research supports this ; 86% of procurement departments would consider removing a supplier from their roster due to a breach, highlighting that an attack can have serious short and long term implications. 94% of procurement managers say that cyber security standards are important when awarding a project to an SME supplier.
This is reflected by the fact that the majority (89%) of small businesses surveyed who have experienced a breach felt the attack impacted their reputation in some way, with 31% of those having been breached reporting brand damage, 30% reporting a loss of clients and a quarter receiving negative reviews on social media.
And the impact has been long lasting. One in four (26%) of those surveyed who have experienced a breach have been unable to grow in line with previous expectations, and almost a third (31%) said it took over six months for the business to get back on track. Quality of service is also a risk; those who experienced a cyber breach found it caused customer delays (26%) and impacted the business’ ability to operate (93%).
The lack of concern around potential reputation damage may be explained by the fact that many small businesses don’t realise the value of their data. The vast majority (95%) of small companies surveyed hold data in the IT systems, yet more than a fifth of those surveyed (22%) don’t consider it to be commercially sensitive. Even though customer, financial and IP data can be shared with competitors if a company is attacked, just one in five (19%) small businesses said they would be immediately concerned about competitors gaining advantage if they were breached.
The report also reveals that many small businesses (51%) surveyed don’t think they will be a target for an attack, despite the majority of consumers worrying about the security of their data, especially in the hands of small businesses.
Danny Lawrence, NPCC National Cyber PROTECT Coordinator, comments: “A cyber attack may prove so serious that it impairs an organisation’s ability to operate and even function longer term. Doing nothing can no longer be an option – small and medium sized businesses place their reputation and existence on the line if they fail to take action. I would encourage all SMEs to consider their cyber security, seek out support from resources available (such as Cyber Streetwise and the Cyber Essentials scheme) and consider making this piece of work a critical part of their business strategies in 2016.”
George Quigley, a partner in KPMG’s cyber security practice, comments: “Small businesses know that their reputation is critical to their success but it seems that many haven’t considered quite how many factors can affect it. Every piece of data in a business can be of interest to a cyber criminal – even if the business itself may not realise it – and with small and medium sized businesses a key target for this very reason - it’s vital to take steps to protect your data, and with it the trust of your customers and ultimately your reputation.”
Sandra Dexter, Vice-Chairman for the Federation of Small Businesses, comments: “Small businesses need simple, straightforward cyber security advice like that provided by Cyber Streetwise. All small firms should now be aware of the risks, and take steps to protect themselves against the escalating level of cyber crime. Cyber breaches can happen to any business, any size and the repercussions should not be underestimated, leading to damaged reputations, hindered growth and in the worst cases, entrepreneurs being put out of business. Building the resilience of small businesses to cyber crime is important and should be high on all business owners’ list of priorities.”
Cyber Streetwise is encouraging small businesses and consumers across the UK to do three simple things to improve their online security and protect themselves from cyber crime:
The Government also offers a free cyber security guide, a free online training course for small businesses and the Cyber Essentials scheme to protect against common internet threats. Visit www.cyberstreetwise.com to learn more about the simple steps to stay cyber secure.
Notes to editors
For further information please contact:Consolidated PR
T: +44 (0)20 3697 4395
To join the conversation online follow @cyberstreetwise
About the research
1,000 small businesses and 1,000 consumers across the UK were surveyed in December 2015 via an online survey. The small businesses surveyed were senior decision makers in businesses with up to 25 employees (including sole traders). The findings in this report refer only to the small businesses and consumers surveyed. The survey of procurement leaders in organisations with 250+ staff was conducted by KPMG and 3Gem in September 2015.
About Cyber Streetwise
1. Cyber Streetwise is a cross-government awareness and behaviour change campaign delivered by the Home Office in conjunction with the Department for Culture, Media and Sport (DCMS) alongside the National Crime Agency and Action Fraud and funded by the National Cyber Security Programme in the Cabinet Office.
2. The National Cyber Security Programme and UK Cyber Security Strategy: As set out in the Chancellor’s speech of 17 November there will be investment to protect Britain from cyber attack totalling £1.9 billion over five years. The UK Cyber Security Strategy sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment. The National Cyber Security Programme (NCSP) managed by the Cabinet Office provides £860 million of funding until 2016. It coordinates and funds work undertaken by government departments, agencies and law enforcement to implement the UK Cyber Security Strategy. Information on progress against the strategy and achievements of the National Cyber Security Programme can be found at www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace.
KPMG LLP, a UK limited liability partnership, operates from 22 offices across the UK with approximately 12,000 partners and staff. The UK firm recorded a revenue of £1.96 billion in the year ended September 2015. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. It operates in 155 countries and has 174,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.