SME Cybersecurity Insights 2024

Actionable advice in the light of shocking Government figures on cyber breaches in 2024

These days, SME cybersecurity is more critical than ever for growing businesses. The UK Government’s 2024 Cyber Breaches Survey shines a light on the current business cyber security landscape. It suggests that SMEs should be taking more action to safeguard their operations. With many of these risks rising with the size and complexity of organisations, any firm with 50 or more employees should be taking positive protective action.

We delve into the most important SME cybersecurity findings and imperatives, so that you can understand the potential implications for your business.

SME Cybersecurity Breaches are on the rise

The 2024 Cyber Breaches Survey reveals a stark reality: half of businesses (50%) and a third of charities (32%) have experienced cyber security breaches or attacks in the past year.

These figures rise dramatically for medium (70%) and large businesses (74%), which strongly suggests that risks of attack currently grow as businesses expand.

It is likely that as staff numbers rise, so do risks of human-focused threats. Phishing is the most common vector for attacks. Phishing means receiving emails that contain malicious links or that try to fool recipients into revealing sensitive information. Phishing affected 84% of business respondents in the government’s survey.

Financial impact of cyber incidents on SMEs

Cyber attacks can cost companies dearly – both financially and in terms of lost productivity or time. The government estimates the average cost of the most disruptive breach in the last 12 months at £1,205 for businesses of any size – but again, the costs rise significantly for larger businesses, costing in excess of £10k.

SMEs often operate on slim margins and cannot afford the cost of attacks. They are a little less likely to be the focus of attacks targeted at a specific company, and more likely to face broader untargeted attacks that attempt to exploit vulnerabilities in common tools. However, even a single small attack could take systems offline for precious time, and cost you money to resolve. SMEs could easily come into the scope of a targeted attack on a particular device or application.

Essential SME Cybersecurity Hygiene Measures

The survey emphasises the importance of basic cyber hygiene practices to defend against common threats. Encouragingly, adoption of some core measures such as malware protection, network firewalls and backups is increasing. There were notable improvements in malware protection (up from 76% to 83%) and network firewalls (up from 66% to 75%).

Although that sounds as if ‘most’ companies are covered, the reality is different. Certainly, those without any protection are at the most severe risk. However, even companies that have previously invested in cyber security measures may fall short if those measures have not been comprehensively implemented, are out of date, or are simply not being maintained and monitored. This is a common issue in SME organisations that may not have any in-house resources, and that may not retain IT services and support on an ongoing basis or have changed their providers.

Cyber security in SMEs can overlook regular risk assessments

Identifying and mitigating cyber threats requires regular risk assessments. This matters because the threat landscape evolves at an alarming rate. The risks from cyber threats identified last year will be significantly out of alignment with those today.

The survey found that just 31% of businesses conducted cyber security risk assessments in the past year, although this rises for larger businesses. SMEs are the least likely to have a robust and regular model for risk. Just 33% of businesses have deployed security monitoring tools, essential for detecting and responding to cyber incidents in real time.

Improving cybersecurity for SMEs starts from the top

The survey explored how well SME cybersecurity was led by senior management across all sizes of business. This is relevant because effective cybersecurity governance requires active involvement from senior management – who must not only prioritise investment in appropriate expertise and solutions, but also lead behaviours in their business.

The survey reports that three-quarters of businesses (75%) and 63% of charities do prioritise this issue at senior level – but, again, the figures are significantly higher in larger businesses, which means that SMEs are falling short of this.

Boost Your SME Cybersecurity: Download Our Free Essentials Guide

To help your SME business stay ahead of cyber threats, we’ve created a comprehensive tipsheet, “Six Cyber Security Essentials for SMEs”. This valuable resource covers the most effective strategies you can employ to protect your organisation.

Here’s a sneak peek at what you’ll find:

  1. Multi-Factor Authentication (MFA): Too often ignored instead of embraced, what looks like an irritating extra step in fact is a huge protector against unwelcome system access.
  2. Tighten Email Security: Without strong security measures, both technical and in terms of training staff in wiser behaviours, your email inboxes are like an open door for cyber criminals.
  3. Use a Password Manager: Your strongest defence against lacklustre and lazy password behaviours is to guard all passwords more carefully and make them stronger.
  4. Keep Software Current: It’s not smart to work on with older versions that may now have known gaps – and you miss out on a ton of potential extra value that developers are adding.
  5. Backup Cloud Data: Are you one of the many, many people who assume Microsoft and Google will back up your data simply because you’re using their cloud systems? Think again.
  6. Enhance Staff Cyber Awareness: People are one of your biggest IT system weaknesses – not just due to lack of knowledge, but also simply because of human error.

Don’t wait until it’s too late. Equip yourself and your SME business with the knowledge you need – even simple steps taken proactively and promptly can significantly enhance your SME cybersecurity protection.