Small businesses are particularly exposed to the pressure and risks from online threats, so they need help from outside experts, says Professor Richard Benham, founder of the National MBA in Cyber Security.

The problem of cyber security affects virtually every business today. Any company that uses email, has a website and stores important data on a computer is at risk. The only effective option for small businesses is to outsource their cyber security to a specialist provider, as the costs and risks of trying to manage it in-house are arguably now too high.

The cloud offers SMEs a cost-effective solution to managing their IT security. But, you’re effectively putting your company in the hands of a cloud provider, so you need to make sure you choose the right one.

There are key questions small businesses should ask before committing to a cloud provider.

  • Never forget that the cloud is really someone else’s computer – if a problem occurs, will you be allowed the access to their systems that you require to fix it?
  • Where is my data being stored? – if you don’t know where it actually is, and there is no guarantee of its location other than a supplier’s word, then your business may be at risk
  • Can you trust the cloud provider? – choosing a cloud provider is like choosing a bank, only without deposit insurance. It’s worth asking a cloud provider whether it is insured – just in case
  • Does it have a round-the-clock help desk? – if your IT system goes down on a Friday night will anyone be available to help you get it back online?

How safe is it? – they all like to portray themselves as being like Fort Knox, but they are just as vulnerable as any other business to cyber criminals. Has it ever been hacked itself?

Taking cover from cyber attack

The TalkTalk hack offers a classic case study for what can go wrong for a firm. But would a small business survive the same nightmare?

Most SMEs could only last for a day or two if their website or IT system went down before being pushed to the verge of bankruptcy. That’s why I think it will become increasingly important in our fast-developing digital economy for small businesses to buy cyber insurance.

Why a cyber insurance policy is important

Small firms should view cyber cover in the same way as their other business-critical insurance policies. A blaze might destroy your premises, but it won’t destroy your business if you have property and business interruption insurance. The same applies if you suffer a hack and have a cyber insurance policy.

As a sole trader myself I made sure I bought a cyber insurance policy. In general, I think insurers need to do more to provide coverage for the specific needs of small businesses.

I’d expect some form of loss of profits cover and the services of a PR expert to come in immediately after a cyber attack has been uncovered and perform damage limitation to be offered as standard in a cyber insurance policy.

You only need one person on Twitter warning others to steer clear of your firm because they’ve heard you’ve been hacked for your business to be facing potential disaster.

The cyber insurance market is evolving quickly, however, and having a policy can offer small firms a financial lifeline should they fall victim to a hack. We haven’t seen businesses go under after suffering a cyber attack, but I think that won’t be far off. I can see a time when having a cyber insurance policy is mandatory for every business, just like employers’ liability.

In today’s technological age, the threats are forever changing. Criminals are constantly devising new, more sophisticated tools for attacking companies, so it’s nigh impossible to know what a possible attack will look like or where it will come from in the future. That’s why it’s essential for small businesses to have a Plan B in place. What’s yours?

We offer loss of profits cover and immediate PR expertise after a cyber attack with our cyber and data risks insurance.