Posted 28 April, 2022 at 14:29
Last week I wrote a piece about the potential consequences of a data breach under the Data Protection Act 2018, prompted as it was by the breach suffered by Funky Pigeon. So, I though this week I’d take a look at the impacts of a cyber-attack on an SME.
The effect of such an attack on an SME is much the same as it is on a major company, it’s all about scale. A resulted loss of cash for a big company of say, £500K, would be just as bad as a loss of £50K on an SME. In fact, the hit on the SME might be a darn site worse as they are generally not financially robust enough to recover.
There has been a recent Cyber Security Breaches Survey, this year, conducted by the UK Government, which says that in the last 12 months, 39% of UK businesses identified a cyber-attack. Which is actually a little down on surveys carried out by organisations like Barclay Card. However, the period under examination was not as long. The survey concluded that, within the group looked at, 31% estimated that they were attacked at least once a week, and 1 in 5 said they experienced a negative outcome because of the attack.
A successful cyber-attack can cause major damage to your business. It can affect your bottom line, as well as your business' standing and customer trust. These impacts are broadly divided into three categories: financial, reputational and legal.
Turning to the financial costs, Cyber-attacks often result in a loss arising from:
And of course, In dealing with the breach, businesses will also generally incur costs associated with repairing affected systems, networks and devices.
It takes a long time building up trust between you and your customers and, building a reputation within your field, for reliability, high standards, good customer service, etc. A Cyber-attack can destroy that in hours. If you were to lose your customers data, especially personal data, you can quickly erode that hard won reputation. Imagine if you are in the supply chain for a major company and you are connected with them electronically in automate their ordering of whatever commodity you supply. And then you become an attack vector for a cyber-criminal who uses you to break into the network of the major company. Do you think you’d ever work for that company again? That loss of reputation will potentially lead to:
There are potential legal ramifications to a cyber-attack as well. I have mentioned the Data protection and privacy laws that require you to manage the security of all personal data you hold - whether on your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions. I have seen advertisements now from law firms advertising no win no fee terms to represent individuals who have suffered a data breach. If you consider that in such a breach, individual records are almost always not lost, it is more likely that multiple records could be lost, which means multiple claims. And that on top of any fine which may be imposed by the ICO.
And of course, you could face legal action from a larger company if you were the attack vector via the supply chain.
So, given all of that, what do you need to do? Well, you need a business continuity plan to enable you to continue doing business whilst you get sorted out. You need to be able to respond to the attack to:
This does not need to be an enormously costly thing to do. In fact, for many SMEs it can be quite a simple plan, but it does need to be a plan. You should not ignore this or it could cost you dearly, perhaps even cost you your business.
And I’ll bang my usual drum. Investing a relatively small amount in user training, education and awareness, is always money well spent.
H2 provides affordable and flexible one-off and ongoing data protection and cyber risk protection services.
To learn more about the services we provide please click here https://www.hah2.co.uk/
Alternatively, please feel free to give us a call, email or book a time slot for a chat:
T: 0845 5443742
M: 07702 019060
Trust H2 – Making sure your information is secure
What our customers say about us
“We engaged H2 to examine our Cyber Security in readiness for obtaining Cyber Essentials accreditation. Their Cyber Maturity Assessment is comprehensive and H2s approach is unique in our experience of IT service companies. They provided services at our own pace and at price points which we were happy with. They were also comfortable working with our current IT provider, enhancing their services and products, and plugging the gaps, including Cyber Security and Data Protection Awareness training. I have no hesitation in recommending H2 to other companies who need such services.”
Mark Stephens, CEO, Smart Recruit Online Ltd