New report suggests 1.3 million small firms are at risk of failure if hit by a cyberattack

A new study by Vodafone has revealed that 23% of UK small and medium sized enterprises would be likely to fail were they to fall victim to a cyberattack. Furthermore, this means an attack where the firm suffers the average financial loss from a cyberattack, which is £3,230, so it need not be a significant attack in order for there to be devastating consequences for SMEs.

23% of the SMEs in the UK equates to 1.3 million businesses, and this proportion of respondents to the survey said they would no longer be able to operate following a cyberattack. An additional 16% of firms, equivalent to almost one million businesses, say they would need to lay off staff in the event of a cyberattack.

SMEs make up 99.9% of the UK’s six million private sector businesses, and firms of this size also employ three-fifths of the UK’s workforce.

Almost one-third (31%) of SMEs say that they have experienced an increase in the number of cyberattacks they have experienced since the start of the first lockdown last year. 41% report some form of cyberattack during the past 12 months, with 20% saying they have suffered six or more attacks. The fact that more than 75% of SMEs are now reliant on remote working, to a greater or lesser degree, only heightens their cyber risks.

The report makes a series of recommendations, which include:

  • The Government should introduce a reduced 5% VAT rate on cybersecurity products to ensure they are accessible to SMEs
  • Additional resources should be allocated by the National Cyber Security Centre to support the economic recovery of SMEs

Anne Sheehan, Business Director, Vodafone UK, said:

“Cyber-attacks are an existential threat to Britain’s small businesses, yet nearly a third have no cybersecurity strategy in place. This report’s stark findings are a warning that as SMEs do more and more of their business online, it is vital that they take the steps they need to keep themselves safe – and that Government does more to support them to do so. The UK needs successful, resilient small businesses.”

Simon Fell MP, Chair of the All-Party Parliamentary Group on Cybersecurity, said:

“This new report from Vodafone shows that businesses often lack awareness of the cybersecurity risks they face, the protection they need to mitigate them, and the resources to withstand them.

“SME cybersecurity is not a prosaic issue facing a few journeymen trying their hands at a new business during the pandemic, but rather an issue of national economic resilience.”

FCA senior management have previously warned that even the smallest firms need to have a ‘security culture’. 

The Personal Investment Management & Financial Advice Association’s recent paper Cyber Resilience in Extraordinary Times addressed ways that firms could reduce cyber risks while staff were working from home.

Scott Robert are regulatory risk, compliance and strategy experts.