How SMEs Can Achieve Cyber Resilience

Cyber-attacks are a growing threat to organisations across the world, with attacks rising globally by 125% in 2021, costing businesses an average of $4.35m.  Furthermore, the outbreak of the Russia-Ukraine war has seen cybercrime in Europe grow exponentially, with a 300% increase in attacks targeting NATO countries. 

The UK remains a top target for cyber-attacks. IBM’s X-Force Threat Intelligence Index report found that cyber-attacks in the UK made up 43% of all attacks in Europe in 2022.  The consequences of such attacks for large organisations, such as governments and publicly listed companies, can be both financially and reputationally costly. For small and medium-sized organisations, they can be devastating or even existential.

54% of SMEs in the UK were victims of a cyber-attack in 2022, costing businesses thousands. This includes not only the accompanying costs of a cyber breach, but also potential fines for infringement of data protection guidelines. This accumulation of bills causes serious financial pressures, not to mention emotional strain, for businesses with limited resources. In order to minimise cyber risk, SMEs must look at actionable strategies to build cyber resilience.

Unique Challenges Faced By SMEs

The widespread digitalisation as a result of the pandemic saw SMEs adopt new software and solutions to adapt to working from home. However, with new technologies being integrated so quickly, many companies may have overlooked the broader impact of those implementations. With limited resources in a risk landscape marked by rapid digitalisation and evolving cyber threats, SMEs have found themselves incredibly vulnerable to cyber-attacks.

With cyber threats on the rise, SMEs often make easy targets for hackers - 18% of SMEs do not have any cybersecurity software,  and SMEs are also likely to be repeat victims of cyber-attacks. In fact, two-thirds of UK SMEs that have faced a breach have been targeted again. 

How SMEs Can Manage Cyber Risk

With cybersecurity products often prohibitively expensive for SMEs, particularly following the impact of the pandemic and rising costs that have marked the 2020s, it is important that SMEs look at other ways they can mitigate cyber risks on a budget. As the costs of a breach can easily exceed the cost of cybersecurity, and with the average recovery time for SMEs more than nine months,  SMEs must recognise cyber risk as a business risk and invest in cyber mitigation appropriately.

Businesses should also look at upskilling employees, as employees can often be targeted with ransomware and phishing scams. In fact, 82% of cyber breaches involve a human element,  making it vital that employees are prepared and trained to understand and spot potential cyber threats, and minimise their vulnerability to risks.

Implementing A Cyber Resilience Strategy

Developing a cyber resilience plan is an essential element of mitigating risks. A cyber resilience strategy consists of three facets: cyber risk quantification, cyber threat visibility, and cyber risk transfer.

Cyber risk quantification - is about balancing cybersecurity with capital allocation. Organisations should conduct risk assessments in order to determine the degree that they can suffer a setback following a cyber-attack without impacting their capacity to continue operating. This helps businesses determine the level of cyber risk mitigation required for them, and to allow them to maximise their return on investment.

Cyber threat visibility - involves organisations monitoring possible threats to their organisation, is another aspect of cyber resilience. With many businesses frequently using third-party software, the surface area for hackers to target is even larger than before, meaning businesses must be aware of any potential vulnerabilities within their own environments and those of the businesses that they work with.

Cyber risk transfer -  is the transferring of cyber risk to a third-party, such as through cyber insurance. With the cost of cyber insurance expected to stabilise as it becomes a more mature product, cyber insurance is expected to become increasingly accessible for SMEs. Furthermore, there is an increasing number of providers offering different tiers of cyber insurance packages, allowing businesses to tailor the level of cyber insurance to their needs.

By planning appropriately for mitigating cyber-attacks with cost-effective strategies, SMEs can prepare against malicious threats and proactively manage risks with the resources available to them in a landscape with growing cyber threats.

By educating employees, engaging in regular security audits, and creating and exercising robust incident response plans, SMEs can safeguard themselves against cyber threats and build resilience.

Tom Egglestone is Global Head of Claims at Resilience                    Image; Tim Mossholder

You Might Also Read: 

A New Approach To Cyber Security Helps Resist Extortion:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« The UN Cybercrime Convention Could Help & Harm Victims
Police Error Exposes Personal Data Of Crime Victims »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DoSarrest Internet Security Ltd

DoSarrest Internet Security Ltd

DOSarrest is a fully managed security firm specializing in cloud based DDoS protection services to a worldwide client base.

Lookout

Lookout

Lookout takes a mobile-first approach to security and protects mobility for some of the world's largest enterprises, critical government agencies, and millions of individuals worldwide.

Reblaze Technologies

Reblaze Technologies

Reblaze provides the world’s best security technologies in a cloud-based website security platform.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

Information-Technology Promotion Agency (IPA) - Japan

Information-Technology Promotion Agency (IPA) - Japan

IPA is an implementing agency in Japan with a role to address Information Security, IT Systems Reliability and IT Resource Development.

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

The Center for Analysis & Investigation of Cyber-Attacks is one of the leading Kazakhstan organisations in the field of information and computer security.

Redstor

Redstor

Redstor's complete data management helps you discover, manage and control your data from a single control centre, unifying backup and recovery, disaster recovery, archiving and search and insight.

Sponge

Sponge

Cybersecurity Sorted by Sponge is a seriously engaging training game to make your staff the first line of defence against cyber threats.

DestructData

DestructData

DestructData is a leading independent provider of End of Life data destruction/security solutions.

GK8

GK8

GK8 is a cyber security company that offers a high security custodian technology for managing and safeguarding digital assets. Secure, Compliant and Practical.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

Firmus

Firmus

As the leading penetration testing services provider in Malaysia, Firmus evaluates the ability of your internal or external information assets to withstand attacks.

ResilientX

ResilientX

ResilientX is an All-In-One Security Testing Platform designed to help MSPs and SMBs to perform their security testing and assessments without having to outsource IT.

ABPCyber

ABPCyber

ABPCyber offers holistic cybersecurity solutions spanning DevSecOps, advisory and consultancy, designing and integration, managed operations, and cybersecurity investment optimization.