New research has found that a majority of SMEs (89%) who have suffered a data breach say it has had an impact on their reputation. Despite this, the survey – Small Business Reputation & The Cyber Risk’ – of 1,000 small businesses and 1,000 consumers carried out across the UK by Cyber Streetwise and KPMG, has revealed that less than a quarter (23%) of small businesses cited cyber security as one of their top concerns.
This disconnect is all the more surprising given how highly UK businesses value their reputation as one of their key assets, with 93% of those surveyed thinking about their reputation frequently, or indeed all the time. Only 29% of small companies that haven’t experienced a breach say the potential damage a cyber breach could cause is an important consideration.
Brand damage and loss of clients
Among those who have experienced a breach however, the stark reality of what a data breach can do to a small business is laid bare: nearly a third (31%) said the attack had led to brand damage, while 30% say an attack led to loss of clients. Over a quarter (26%) found the data breach also caused customer delays, with the overwhelming majority (93%) saying the attack had impacted the business’ ability to operate.
Given the low number of companies who rate cyber security as one of their top concerns however, it is also interesting to see what their potential customers think about the risk. Of the consumers surveyed for the study, 83% are concerned about which businesses have access to their data and 58% said that a breach would discourage them from using a business in the future. This view is reinforced by a recently published KPMG Supply Chain research, which found that 94% of procurement managers say that cyber security standards are important when awarding a project to an SME supplier and 86% would consider removing a supplier from their roster due to a breach.
Am I a target?
Aside from reputation, the Small Business Reputation & The Cyber Risk report also seeks to dispel the myth held by many small businesses – over a half (51%) according to the research – who believe they are not a target for a cyber attack. Interestingly, 63% of those surveyed have previously experienced a breach (599), and over half of those breaches were in the last year.
Part of the problem, says the report, is that many small businesses have a perception that they have nothing to steal. For example, more than a fifth of small businesses (22%) surveyed don’t consider data they hold to be commercially sensitive. This data includes intellectual property with 29% believing it’s not commercially sensitive; employee details (24%); and customer details (22%).
How to secure and protect your data
The report concludes by offering three simple steps to help reduce the risk from the cyber threat:
• use three random words to create a strong password
• install security software on all devices
• always download the latest software updates.
The government’s Cyber Essentials scheme also offers a simple security guide for small businesses.
For information on keeping your business cyber secure and a full copy of the Small Business Reputation & The Cyber Risk. For more on Cyber and Data Risks Insurance from Hiscox, which includes access to specialist public relations support if a covered claim looks likely to damage the reputation of your business. Hiscox UK is a member of the Cyber Streetwise Forum.