C no evil?
As if small business owners and managers haven’t got enough to worry about, along comes the ‘C’ word: cybercrime.
Or rather, the ‘C’ words: cyber-attack, cybersecurity, cyberwar and so on. They’re everywhere.
Perhaps unsurprisingly, there’s a fair bit of doom and gloom around these terms. So we’re quite keen to move the discussion on from how to prevent cyber-attacks, to how to recover from one and get your business back on track as quickly as possible.
We know hackers aren’t necessarily in it for the money (although most are). And we know many do it purely for the respect and admiration of their peers. As our study, The Business of Cyber Recovery shows, this diversity of motivation means it’s more of a matter of ‘when’ not ‘if’ small businesses fall victim to this sort of crime.
Being prepared for this inevitability is, clearly, essential. It’s likely that unless you have cyber liability insurance, you’re going to have to throw a certain amount of money at the situation.
How much does it cost to recover from a cyber-attack?
How much exactly is hard to say. Mainly because every attack is different and every business is different – some are simply more prepared than others.
That said there are certain likely-to-be-unavoidable, common-to-all expenses.
For example, the immediate costs to your business such as getting your website and/or your IT systems back up and running, recovering data, and putting something in place to make sure the same attack doesn’t happen again. If you’re lucky that might be it – but even with minimum business downtime, it’s likely the bill will be thousands rather than hundreds of pounds.
Our research shows that three-quarters of UK small businesses haven’t put any budget aside to deal with the aftermath. 43% will react if and when a cyber-attack happens, and have no plans in place otherwise.
Young business owners and managers seem to have a better understanding of potential cyber risks, but as people get older the more sceptical they are about the likelihood of a cyber-attack: only 22% of 18-34 year olds think a cyber-attack is unlikely, compared to 41% of 35-54 year olds and 56% of 55+ year olds.
The situation is similar when we look at the size of a business based on the number of employees: sole traders believe they’re least at risk from a cyber-attack with 71% saying it’s unlikely. This compares to 32% of businesses with 10-49 employees and 20% of businesses with 50-249 employees.
If the only costs you face following a hack are those to fix your IT systems then, frankly, you’ve got off lightly.
Many businesses might not be so lucky and could face a spiralling list of costs including hiring PR and social media support to limit reputational damage, and legal support to make sure regulators and customers are informed correctly.
Then there’s dealing with, and paying for, a customer claiming compensation for their lost data. You might need to set up a small call centre to deal with customer queries, pay a ransom to hackers, pay to replace valuable intellectual property. All of this on top of the obvious loss of earnings during the attack.
Of course, businesses should do everything they can to prevent a cyber-attack but they also need to be ready to recover from one too. It’s very much a cat and mouse game and no business is immune.
We’re all familiar with the terms cybercrime, cyber-attack, cybersecurity (loads more ‘C’ words explained in our cyber glossary), but it’s now time that we make cyber recovery part of the general discussion now too.
Further research from our The Business of Cyber Recovery report will be available shortly but in the meantime, have a look at the stats in our infographic and test your knowledge with our cyber-risk assessment tool.