Cyberattacks costing UK SMEs £4.5 billion a year and more financial sector faux pas discovered after Capital One breach

New data released by the Federation of Small Businesses (FSB) has shown that small businesses in the UK are facing 10,000 cyberattacks per day and costing them as much as £4.5 billion per year.

The report also showed that 20% of all UK businesses have fallen victim to cyberattacks in the last 12 months.

 Phishing attacks top the list of most common attacks faced by small to medium-sized organisations with 530,000 small firms facing that form of cyberattack over the last two years. The second biggest threat comes in the form of malware with 374,000 businesses reporting attacks, with 301,000 reported fraudulent payment requests and 260,000 reported ransomware attacks.


The basics still not being done by small businesses

Perhaps the most interesting stats from the FSB report show that many small businesses are still struggling to implement the cybersecurity basics despite the plethora of advice that’s out there.

One in three businesses were found to not have installed any security software whatsoever in the last two years whilst 40% of those surveyed said that they do not regularly update their software. A similar number admitted to never backing up their data. The report also showed that almost half of small businesses don’t have a password policy in place for devices.

The FSB report concludes that more businesses are waking up to the cyber threat but that a lack of budget and resources is holding them back when it comes to implementing effective cybersecurity measures.

Cybersecurity doesn’t have to be expensive

There is a tonne of advice out there for small businesses to follow such as the NCSC's small business guidance. Cyber Essentials is a great way for smaller businesses to get to grips with their cybersecurity. The Cyber Essentials accreditation is a government-backed scheme designed to help organisations guard against the most common cyber threats. Being Cyber Essentials certified gives a business a competitive edge and reassures their customers that they take cybersecurity seriously.

More Financial Sector Cyber Incidents disclosed

Following the revelation that Capital One suffered a data breach that exposed the sensitive data of 106 million of its customers, with more incidents involving the financial sector were revealed, highlighting the fact that the financial services sector remains a top target for cybercriminals.

Germany’s Deutsche Bank announced that it has launched an investigation of a potential data leak after it discovered that former staff members had access to sensitive emails despite them being fired several weeks previously. Separately, the details of a million business phone calls made by the California based Bank of Cardiff were found exposed online.

Third-party risks

A report titled, ‘The State of Software Security in the Financial Services Industry’ published by Synopsys Cybersecurity Research Centre and Ponemon Institute has revealed that 60% of the financial services organisations surveyed said that cloud migration and 52% blockchain tools are creating the greatest security risk.

More and more organisations in the financial sector are utilising third-party services.

Often, it's cheaper to outsource such services rather than develop them in house.

Cybercriminals know all this, which is why they deliberately seek out third-parties to attack. As a result, a breach in any part of a supply chain can lead to the compromise of their true target which is often the larger business at the top of the chain.

For more information about third-party risks and how to mitigate them click here

For Further Reading

The Cybersecurity Dream team of CyberScore™ and Cyber Posture Assessments

How can a small/medium sized business prepare for a cyberattack?

Digital Transformation is a dangerous time for financial services

Follow us on FacebookTwitter and LinkedIn and sign up to our newsletter

Want to try CyberScore? Click here for a free trial -