Almost 90% of SMEs are not insured for cybercrime despite recognising it as the biggest threat to their business, a new study has found.
A survey of more than 500 small business owners across the UK found that 86% thought a cyber-attack was possible with 56% saying the likely impact would be the cost to clean up.
But only 12% admitted having insurance in place to cover the bill.
Kerri-Ann Hockley, head of customer service at digital insurance broker PolicyBee, which carried out the research, said: “The average cost of a cyber-attack on a small business is £25,000 in damaged assets, financial penalties and business downtime.
“The reality is that the cost of a cyber-attack can shut you down and yet there remains a ‘head in the sand’ attitude to how big a threat this is.”
Claims that PolicyBee have been aware of include an accountant who fell for a convincing email scam and paid out £25,000 from her largest client’s funds to a fraudster. The accountant was insured and the insurer was able to negotiate, after assessment from a cyber security firm, a reduced settlement of £19,000 including costs.
Miss Hockley said: “In most cases, companies have worked with IT specialists so their software and equipment has been in the hands of professionals but even the best is not 100% safe.
“This should act as a stark warning for business owners and IT decision-makers. You need a three-pronged approach to cover yourself: excellent IT protection, well-trained staff and the right insurance cover.”
According to the results of the survey, 33% of business owners had installed further IT security, 30% had asked a consultant to add more robust measures to back up data and 15% had educated staff on how to avoid scammers online.
“The problem is that people see cybercrime as an IT issue,” said Miss Hockley. “They think that because IT have put measures in place, they are safe. But the fact is that even with excellent security measures in place, there can be breaches.
“What’s more, although cyber security most often makes it into the headlines because of large breaches at larger companies and corporations, the most frequent threat is actually to small and medium-sized businesses, because they are likely to be less well protected.”
According to research from business internet provider Beaming, almost two-thirds of UK companies employing between 10 and 49 people – the equivalent of 130,000 businesses nationwide – fell victim to some form of cybercrime last year.
There has also been a rise in the number of attacks being reported.
In the same report, nearly two-thirds (63%) of small businesses reported being a victim of cybercrime in 2018, up from 47% of small businesses in 2017 and 55% in 2016.
And, according to insurance provider Hiscox, one in three small businesses suffered a cyber-attack last year – with one business attacked every 19 seconds.
Attacks included phishing, ransomware, social engineering, malware, phreaking, a virus, website defrauding and hacking.
Miss Hockley said: “Unfortunately the threat of a cyber-attack is increasing all the time, with hackers finding ever more sophisticated ways to breach corporate defences to gain access to customer names, email addresses, and even bank details.
“All it takes is for an unwitting employee to open the wrong email attachment and hackers could instantly have access to a company’s data or systems.”