Some startling figures were released last week on the cost to small businesses of cyber crime. Research by the Federation of Small Businesses (FSB) reveals that 41% of its members have been the victims of fraud or cyber crime in the past 12 months, with the average cost of these attacks around £4,000 per business.
The report says 20% had been the victims of virus infection, 8% had suffered a hacker attack, while a further 5% had suffered a system security breach that resulted in a denial of service. Of those that suffered fraud, 10% said they were the victims of card fraud, 6% of computer software service fraud, 3% online banking fraud and 2% company identity fraud.
Although the average cost to businesses of these attacks was £3,926, some businesses lost £50,000 or more from cyber crime.
This research echoes a survey we did last year, in which many small firms admitted they are scared of the threat of a hacking attack, but aren’t confident their systems are secure enough to withstand one.
The FSB says around two-thirds of survey respondents have taken some measures to guard against attack. But that means that a third of UK small businesses are doing nothing to protect themselves against cyber crime or online fraud.
We know cyber criminals are increasingly targeting small businesses, because they are viewed as being easier to break into than big firms, which employ teams of online security personnel and state-of-the-art programs to guard against attacks. This view that SMEs are a softer touch would seem to be borne out by the FSB’s research. Its statistics show that only 36% regularly installed security patches on their work computers; just 20% carried out risk assessments of their processes and controls or conducted staff training to counter fraud; and a mere 13% used a 3D Secure product for their online payments.
The FSB has ten tips for small businesses to help ensure they don’t become victims of cyber crime:
- Put in place a combination of security measures, such as anti-virus and anti-spam software, as well as creating robust firewalls for your systems
- Conduct regular security updates on all software and devices
- Implement a secure password policy, making sure passwords are strong (containing both letters and numbers) and are changed regularly
- Secure your wireless network
- Have clear and concise procedures on the use of email, internet and mobile devices
- Give staff computer security training and consider making background checks on your employees
- Implement and test backup plans, information disposal and disaster recovery procedures
- Carry out regular security risk assessments to identify important information and systems
- Regularly test the security of your business website
- If you use cloud services, ask your service provider about its own security and check in your contract what redress you have in the event of an attack or denial of service.
Every small business should assess its IT risks. Don’t think you’re too small to be targeted by cyber criminals, because you aren’t. If you’re worried about your company’s exposures then you could consider cyber crime insurance to help protect your firm from the financial and legal costs of an attack.
(To read more about the FSB research, go to http://www.fsb.org.uk/policy/assets/cyber.pdf)