How SMEs Can Achieve Cyber Resilience

Uploaded on 2023-08-19 in TECHNOLOGY--Resilience, FREE TO VIEW

Cyber-attacks are a growing threat to organisations across the world, with attacks rising globally by 125% in 2021, costing businesses an average of $4.35m.  Furthermore, the outbreak of the Russia-Ukraine war has seen cybercrime in Europe grow exponentially, with a 300% increase in attacks targeting NATO countries. 

The UK remains a top target for cyber-attacks. IBM’s X-Force Threat Intelligence Index report found that cyber-attacks in the UK made up 43% of all attacks in Europe in 2022.  The consequences of such attacks for large organisations, such as governments and publicly listed companies, can be both financially and reputationally costly. For small and medium-sized organisations, they can be devastating or even existential.

54% of SMEs in the UK were victims of a cyber-attack in 2022, costing businesses thousands. This includes not only the accompanying costs of a cyber breach, but also potential fines for infringement of data protection guidelines. This accumulation of bills causes serious financial pressures, not to mention emotional strain, for businesses with limited resources. In order to minimise cyber risk, SMEs must look at actionable strategies to build cyber resilience.

Unique Challenges Faced By SMEs

The widespread digitalisation as a result of the pandemic saw SMEs adopt new software and solutions to adapt to working from home. However, with new technologies being integrated so quickly, many companies may have overlooked the broader impact of those implementations. With limited resources in a risk landscape marked by rapid digitalisation and evolving cyber threats, SMEs have found themselves incredibly vulnerable to cyber-attacks.

With cyber threats on the rise, SMEs often make easy targets for hackers - 18% of SMEs do not have any cybersecurity software,  and SMEs are also likely to be repeat victims of cyber-attacks. In fact, two-thirds of UK SMEs that have faced a breach have been targeted again. 

How SMEs Can Manage Cyber Risk

With cybersecurity products often prohibitively expensive for SMEs, particularly following the impact of the pandemic and rising costs that have marked the 2020s, it is important that SMEs look at other ways they can mitigate cyber risks on a budget. As the costs of a breach can easily exceed the cost of cybersecurity, and with the average recovery time for SMEs more than nine months,  SMEs must recognise cyber risk as a business risk and invest in cyber mitigation appropriately.

Businesses should also look at upskilling employees, as employees can often be targeted with ransomware and phishing scams. In fact, 82% of cyber breaches involve a human element,  making it vital that employees are prepared and trained to understand and spot potential cyber threats, and minimise their vulnerability to risks.

Implementing A Cyber Resilience Strategy

Developing a cyber resilience plan is an essential element of mitigating risks. A cyber resilience strategy consists of three facets: cyber risk quantification, cyber threat visibility, and cyber risk transfer.

Cyber risk quantification - is about balancing cybersecurity with capital allocation. Organisations should conduct risk assessments in order to determine the degree that they can suffer a setback following a cyber-attack without impacting their capacity to continue operating. This helps businesses determine the level of cyber risk mitigation required for them, and to allow them to maximise their return on investment.

Cyber threat visibility - involves organisations monitoring possible threats to their organisation, is another aspect of cyber resilience. With many businesses frequently using third-party software, the surface area for hackers to target is even larger than before, meaning businesses must be aware of any potential vulnerabilities within their own environments and those of the businesses that they work with.

Cyber risk transfer -  is the transferring of cyber risk to a third-party, such as through cyber insurance. With the cost of cyber insurance expected to stabilise as it becomes a more mature product, cyber insurance is expected to become increasingly accessible for SMEs. Furthermore, there is an increasing number of providers offering different tiers of cyber insurance packages, allowing businesses to tailor the level of cyber insurance to their needs.

By planning appropriately for mitigating cyber-attacks with cost-effective strategies, SMEs can prepare against malicious threats and proactively manage risks with the resources available to them in a landscape with growing cyber threats.

By educating employees, engaging in regular security audits, and creating and exercising robust incident response plans, SMEs can safeguard themselves against cyber threats and build resilience.

Tom Egglestone is Global Head of Claims at Resilience                    Image; Tim Mossholder

You Might Also Read: 

A New Approach To Cyber Security Helps Resist Extortion:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« The UN Cybercrime Convention Could Help & Harm Victims
Police Error Exposes Personal Data Of Crime Victims »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

Crest International

Crest International

Crest is focused on professionalizing the technical cyber security market whilst driving quality and standards of organizations that operate within it.

Arsenal Recon

Arsenal Recon

Arsenal Recon are digital forensics experts, providing consultancy services and powerful software tools to improve the analysis of electronic evidence.

CTM360

CTM360

CTM360 is a unified external security platform offering 24x7x365 Cyber Threat Management for detecting and responding to cyber threats.

Touchstone Security

Touchstone Security

Touchstone Security is a company with a passion for technology, a hyper-focus on cybersecurity, and a special affinity for cloud technology.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

OISTE Foundation

OISTE Foundation

OISTE foundation allows users to control their digital identities using well-understood and secure algorithms that ensure the continued validity of an identity and its claims.

CYSEC SA

CYSEC SA

Cysec is equipped to deliver agile security solutions for the most challenging IT infrastructures around the world.

TierPoint

TierPoint

TierPoint delivers secure, reliable, and connected infrastructure solutions at the internet’s edge. We meet you where you are in your journey to solve for data storage, compute, and recovery.

TXOne Networks

TXOne Networks

TXOne Networks offer cybersecurity solutions to protect your industrial control systems to ensure their reliability and safety from cyberattacks.

Mirai Security

Mirai Security

Mirai Security are a cyber security company that specializes in Governance, Risk Management and Compliance, Cloud Security and Application Security.

Department of Homeland Security (DHS) - USA

Department of Homeland Security (DHS) - USA

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

DYOPATH

DYOPATH

At DYOPATH we work with the single purpose of helping our clients combat the ongoing increase of cyber threats, the growth in more complex IT environments, and ever-increasing human capital shortages.

Black Cipher Security

Black Cipher Security

Black Cipher is a New Jersey-based cybersecurity and incident response consulting firm.

Executive Solutions USA

Executive Solutions USA

At Executive Solutions USA, our mission is to provide top-tier vCISO services that enable businesses to protect their critical assets and maintain a competitive edge.