Small- and medium-sized businesses are losing $1.2 billion (£785 million) per year to cybercrime, according to a joint report published by the Federation of Small Businesses (FSB) and the Home Office and Business Departments in the United Kingdom.
Despite this, fewer than 20 percent of businesses said they have taken no steps to harden their organizations against such crime and only 36 percent of businesses are regularly installing vendors’ security patches, according to the report that focused mainly on the United Kingdom. One positive note is 60 percent of businesses said they actively keep their antivirus software up-to-date.
These numbers just represent the UK, if you extrapolate the numbers and add them to the losses garnered by small to medium business across the globe, the numbers would appear staggering.
The FSB is a small business advocacy group with 200,000 members in the UK. In its report, the FSB found 41 percent of its members had been the victims of a cyber attack in the last year. The average cost of cybercrime-related losses was $6000 (£4000) per business. Three out of 10 FSB members were victims of fraud, the two most common types of which were either targeting clients or card not present theft – meaning criminals used their payment data to make fraudulent purchases.
The most prevalent threat to these businesses was virus infection, which affected 20 percent of businesses, followed by hacking, which affected 8 percent of businesses, and security breaches, which affected 5 percent of businesses.
More broadly, the FSB expressed concerns that cybercrime is damaging the wider economy as small businesses show more reluctance toward conducting business and trading online. Furthermore, because of this trepidation, a third of businesses are conducting sales on their own websites.
Mike Cherry, the FSB’s national policy chairman, said businesses are also passing on higher revenue potential because of their refusal to adopt new technologies for fear there is not adequate protection available to guard them against cybercrime.
In order to help alleviate the cost of cybercrime, the FSB made the following suggestions:
• Businesses should implement a combination of security protection solutions
• Regularly install security updates on all software and devices
• Maintain a resilient password policy
• Secure their wireless networks
• Establish clear policies for email, Internet and mobile devices
• Train staff in good security practices and consider employee background checks
• Create and test backup plans, information disposal and disaster recovery procedures
• Conduct regular security risk assessments to identify important information and systems
• Do regular security testing on business websites
• Check provider credentials and contracts when using cloud services
The report came from a survey of 2,667 members of the FSB between September 20 and October 3, 2012.