Small businesses are at high risk of cybercrime - More Than Accountants Skip to the content
  • 0161 804 0808
  • info@morethanaccountants.co.uk

More Than AccountantsMore Than Accountants
  • Who We Help
    • Sole Trader Accounting
    • Small Business Accountants
    • Limited Company Accountants
    • Partnership
    • Limited Liability Partnerships
    • Contractor Accountants
    • Xero Accountants
  • Online Accountancy Services
    • Company Accounts
    • Tax Returns
    • VAT Returns
    • Bookkeeping Services
    • Financial Reports
    • Payroll Services
  • Knowledge
    • Blog
  • Contact Us

Get A Quote

  • Who We Help
    • Sole Trader Accounting
    • Limited Company Accountants
    • Partnership
    • Limited Liability Partnerships
    • Contractor Accountants
  • Online Accountancy Services
    • Company Accounts
    • Tax Returns
    • VAT Returns
    • Bookkeeping Services
    • Financial Reports
    • Payroll Services
  • Quote Online
  • Blog
  • Contact Us
Categories
Business Practice

Small businesses are at high risk of cybercrime

  • Post author By Lesley Slack
  • Post date June 30, 2022
  • No Comments on Small businesses are at high risk of cybercrime


Small businesses are prime targets for cybercrime. This comes as a surprise to many small business owners, who often think cybercriminals focus their energy on infiltrating larger organisations. But a combination of weak cybersecurity systems, vulnerable IT infrastructures, and lack of employee training could leave small businesses susceptible to devastating attacks.


The 2022 Cyberthreat Defense Report shows that over eight in ten businesses in the UK were victim to at least one successful attack in the 12 months preceding its publication. According to GOV.UK statistics, medium and large businesses are more frequently targeted (companies with more employees offer more entry points to those looking for a way in), but small businesses within supply chains are often the means to access the networks of larger organisations.


A higher number of employees working remotely has also left companies vulnerable to attack; those rushing to implement work from home technologies in response to COVID-19 restrictions in 2020 may well have unrecognised weaknesses in their networks, waiting to be exploited by hackers.

Want to switch to More Than Accountants? You can get an instant quote online by using the form below. In a like for like comparison for services we are up to 70% cheaper than a high street accountant.


The most common types of cyberattack

Cyberattacks are actions that target a computer or network to change, destroy, or steal data. Sometimes they simply cause disruption, and harm the ability of the victim’s IT network to function normally. They may consist of data theft (such as misappropriation of customer data, financial information, or business strategic information) or digital vandalism, which aims to inflict damage to the network in some way.


Ransomware attacks


A ransomware attack involves taking data hostage using a virus installed illegally onto a computer or IT network. Criminals demand a payment in exchange for releasing the information. In 2021, over three quarters of UK businesses were victims of ransomware, and more than eight in ten of these paid the attackers to release their information.


Phishing


Emails containing malicious links that, when clicked on, provide an opportunity for cybercriminals to gain access to a computer, are the most common type of cyberattack. In 2021, over 90% of UK businesses fell victim to a phishing scam. Emails are sent out indiscriminately and in bulk with the hope that employees click on the links within. They often closely resemble real company emails, making it difficult to distinguish them from legitimate communications.


Man-in-the-middle attacks


It’s possible for cybercriminals to position themselves in the centre of communications between two parties (unbeknownst to them), and effectively spy on the data shared between them. When an email is sent, it is intercepted (and sometimes modified) before it reaches its intended recipient. Companies that use strong encryption processes or VPNs are less vulnerable to these types of attack.


Denial of service


Denial of service attacks prevent genuine users from accessing services by overwhelming the system with illegitimate requests. The site must respond to each fake request, which drains its ability to respond to real users and can result in complete shutdown. Ultimately a business will experience loss of revenue (which is particularly problematic for those reliant on ecommerce channels), and high expenses to bring the site back to normal function


Attacks on character or business reputation


Hackers that gain access to a website or social media account can cause huge disruption by changing passwords and modifying the information therein. This could materialise as attacks on character or culminate in reputational damage to the business – particularly if the updated content is offensive. It also leaves sensitive data open for hackers to access, which could result in a GDPR breach.


How much does cybercrime cost a business?


The cost to a business can be high; not only in a monetary sense but also through the detrimental effect on reputation and consumer confidence. Money, data, and assets can all be lost during an attack. According to GOV.UK, the proportion of businesses experiencing negative outcomes after an attack has reduced over the last few years, likely the result of better basic cybersecurity measures following the introduction of GDPR regulations in 2018.


Overall, the cost can be catastrophic for small businesses.


Cost of repairing the damage


Time and money must be spent repairing any damage caused by a cybersecurity breach. While the actual average cost of this varies depending on the source (£8,460 per GOV.UK, £25,700 per a 2019 World Economic Forum article) it is likely to be substantial to a small business. A full investigation into how the breach happened is necessary, and further money spent on a solution. Many small businesses will need the help of external cybersecurity experts for this.


Revenue lost while systems are offline for repair and customers lost as a direct result of the breach both reduce profit.


Reputational damage


Many years of building up a strong brand identity can all be lost in an instant following a cyberattack; customer trust may never recover.


Larger companies often feature in the media following cyber incidences – such as British Airlines, victim to a cyberattack in 2018 where sensitive data of 429,612 staff and customers were accessed – and seem to bounce back fairly unscathed; for smaller businesses with a modest customer base this can be much harder.


Asset theft


Access to bank account information and credit details can lead to theft of funds from the business. Banks are obligated to refund money stolen via fraud from consumer accounts but may not necessarily cover the cost of theft from a business account. Those that do may carry out lengthy investigations before any cash can be returned, impacting a business’s immediate cash flows.


Litigation costs and compensation to data subjects


Fines for GDPR breaches can be significant. In the example above, British Airlines were dealt a £20 million fine for its poor security measures. Though small businesses are unlikely to face a fine of this scale, failure to implement adequate security measures – particularly in relation to client data – could result in a substantial fine if a breach were to occur.


Small businesses are vulnerable


Small businesses often lack the resources to fund elaborate cybersecurity systems, leaving them vulnerable to external attack. They may also lack robust cybersecurity training programmes, increasing the risk of an employee clicking on a malicious link. Large companies are probably more frequently attacked, but better security improves their chances of detecting and preventing it.


Smaller businesses are less likely to appoint a dedicated IT information security officer. This means the person responsible for IT security is unlikely to be an expert, and IT systems may not be entirely up to date.


Paucity of regular data back-ups means loss of data could severely disrupt business continuity in the event of an attack. Disaster recovery may not be a priority for smaller businesses who aren’t expecting to be targeted by cybercriminals.


Recent global events have also increased the cybersecurity risks for businesses. Since the start of the COVID-19 pandemic, a large proportion of employees have worked remotely. This creates more potential weaknesses for criminals to manipulate. Many companies do not use two factor authentication, and unsecured home wi-fi networks put communications at risk. The Russian invasion of Ukraine and the West’s unity against it could also result in a rise in cyberattacks from overseas.


Ways to improve cybersecurity

Employee awareness training, regular system back-ups, security testing (penetration testing simulates an attack to ensure security systems are working as expected), strong passwords, two-factor authentication, and real-time monitoring of networks are all key to improving security. Many small businesses do not have the internal resources to implement all of these themselves, and often need help from an external expert.


The GCA Cybersecurity Toolkit provides free cybersecurity advice to encourage organisations to reduce their cyber risk. It gives small businesses an opportunity to improve their cybersecurity using advice from world-leading experts, without breaking the bank.


Cloud systems have become popular in recent years due to better accessibility of data to remote workers. Increased security is a prominent feature of cloud-based accounting systems; cloud providers invest in cybersecurity and data encryption so that information can be stored securely. Data is automatically backed-up to the cloud, which promotes business continuity and offers a safety net as part of a business recovery plan.


More than Accountants use Xero – a cloud-based accounting software system designed with small businesses in mind – to manage all client accounts. If you are interested in hearing more about how we can help, please get in touch.


The risk is real


Small businesses may be attacked by cybercriminals as a primary target, or to gain access to larger companies via their supply chain. The size of small businesses may mean security is suboptimal, and the costs of an attack could be substantial. The statistics speak for themselves, and most businesses should expect to be the victim of a cybercrime at some point. Preparation is therefore key to minimise the financial impact and business disruption when it does happen.


Sources


Anon 2022, 2022 Cyberthreat defense report, CyberEdge Group, viewed 21 June 2022, CyberEdge-2021-CDR-Report-v10–ISC2-Edition.ashx


Anon 2021, Official statistics: Cybersecurity breaches survey 2021, GOV.UK, viewed 21 June 2022 Cyber Security Breaches Survey 2021 – GOV.UK (www.gov.uk)


Jones C 2022, More than 80% of UK businesses paid ransomware demands in 2021, ITPro, viewed 22 June 2022, 80% of UK businesses paid ransomware demands in 2021 | IT PRO


Media Centre 2020, ICO fines British Airways £20m for data breach affecting more than 400,000 customers, ICO, viewed 22 June 2022, ICO fines British Airways £20m for data breach affecting more than 400,000 customers | ICO


Jordan A & Bates A 2019, Helping small businesses fight cybercrime benefits the global ecosystem, World Economic Forum, viewed 22 June 2022, Helping small businesses fight cybercrime benefits the global ecosystem | World Economic Forum (weforum.org)


Rose A 2022, How conflict in Ukraine could revolutionize the ransomware threat. Proofpoint, viewed 22 June 2022, How Conflict in Ukraine Could Revolutionize the Ransomware Threat | Proofpoint UK


GCA 2022, Free cybersecurity tools to secure your organization. GCA Cybersecurity Toolkit, viewed 22 June 2022 GCA Cybersecurity Toolkit Home – GCA Cybersecurity Toolkit | Tools and Resources to Improve Your Cyber Defenses (gcatoolkit.org)

Share this post

By Lesley Slack

Lesley is a business writer, chartered accountant and ex-doctor who loves to keep readers up to date on important financial issues. Lesley can usually be found tapping away at her laptop, crunching numbers, or being chased around the park by her two-year-old son.

View Archive →

← Practical considerations when setting up a new business in the UK → Cash flow: keeping small business owners awake at night?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

By Lesley Slack

Lesley is a business writer, chartered accountant and ex-doctor who loves to keep readers up to date on important financial issues. Lesley can usually be found tapping away at her laptop, crunching numbers, or being chased around the park by her two-year-old son.

View Archive →
  • 0161 804 0808
  • Get An Online Quote

Registered office :
Nautica House, Ground Floor,
Waters Meeting Road, Bolton,
Lancashire, BL1 8SW

0161 804 0808
info@morethanaccountants.co.uk

Who We Help

  • Sole Traders
  • Limited Companies
  • Partnerships
  • Limited Liability Partnerships
  • Contractor Accountants
  • Small Business Accountants
  • Xero Accountants
Linkedin Youtube Facebook

Services

  • Company Accounts
  • Tax Returns
  • VAT Returns
  • Bookkeeping Services
  • Financial/Management Reports
  • Payroll Services

Resources

  • Knowledge Base
  • Blog
  • Quoting Tool
  • Accountancy News
  • Accountancy Software
  • Business Funding
  • Business Practice
  • Business Tools and Process Automation
  • Company News
  • Customer Relationship Management CRM
  • Entrepreneurship
  • Industry News
  • Marketing

Recent Blog Posts

Recent Posts
  • AI and automation for small businesses: time well spent
  • Greenwashing: what is it and how can small businesses avoid it?
  • Small retailers face the brunt of dwindling sales as consumer confidence plummets
  • Work-life balance: is it possible for small business owners?
  • Renewable energy: a small business perspective

©  2023 More Than Accountants Limited 

More Than Accountants is a limited company registered in England under company number 09974015.
Content is for general information only. Always take advice.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT