How SMEs Can Achieve Cyber Resilience

Uploaded on 2023-08-19 in TECHNOLOGY--Resilience, FREE TO VIEW

Cyber-attacks are a growing threat to organisations across the world, with attacks rising globally by 125% in 2021, costing businesses an average of $4.35m.  Furthermore, the outbreak of the Russia-Ukraine war has seen cybercrime in Europe grow exponentially, with a 300% increase in attacks targeting NATO countries. 

The UK remains a top target for cyber-attacks. IBM’s X-Force Threat Intelligence Index report found that cyber-attacks in the UK made up 43% of all attacks in Europe in 2022.  The consequences of such attacks for large organisations, such as governments and publicly listed companies, can be both financially and reputationally costly. For small and medium-sized organisations, they can be devastating or even existential.

54% of SMEs in the UK were victims of a cyber-attack in 2022, costing businesses thousands. This includes not only the accompanying costs of a cyber breach, but also potential fines for infringement of data protection guidelines. This accumulation of bills causes serious financial pressures, not to mention emotional strain, for businesses with limited resources. In order to minimise cyber risk, SMEs must look at actionable strategies to build cyber resilience.

Unique Challenges Faced By SMEs

The widespread digitalisation as a result of the pandemic saw SMEs adopt new software and solutions to adapt to working from home. However, with new technologies being integrated so quickly, many companies may have overlooked the broader impact of those implementations. With limited resources in a risk landscape marked by rapid digitalisation and evolving cyber threats, SMEs have found themselves incredibly vulnerable to cyber-attacks.

With cyber threats on the rise, SMEs often make easy targets for hackers - 18% of SMEs do not have any cybersecurity software,  and SMEs are also likely to be repeat victims of cyber-attacks. In fact, two-thirds of UK SMEs that have faced a breach have been targeted again. 

How SMEs Can Manage Cyber Risk

With cybersecurity products often prohibitively expensive for SMEs, particularly following the impact of the pandemic and rising costs that have marked the 2020s, it is important that SMEs look at other ways they can mitigate cyber risks on a budget. As the costs of a breach can easily exceed the cost of cybersecurity, and with the average recovery time for SMEs more than nine months,  SMEs must recognise cyber risk as a business risk and invest in cyber mitigation appropriately.

Businesses should also look at upskilling employees, as employees can often be targeted with ransomware and phishing scams. In fact, 82% of cyber breaches involve a human element,  making it vital that employees are prepared and trained to understand and spot potential cyber threats, and minimise their vulnerability to risks.

Implementing A Cyber Resilience Strategy

Developing a cyber resilience plan is an essential element of mitigating risks. A cyber resilience strategy consists of three facets: cyber risk quantification, cyber threat visibility, and cyber risk transfer.

Cyber risk quantification - is about balancing cybersecurity with capital allocation. Organisations should conduct risk assessments in order to determine the degree that they can suffer a setback following a cyber-attack without impacting their capacity to continue operating. This helps businesses determine the level of cyber risk mitigation required for them, and to allow them to maximise their return on investment.

Cyber threat visibility - involves organisations monitoring possible threats to their organisation, is another aspect of cyber resilience. With many businesses frequently using third-party software, the surface area for hackers to target is even larger than before, meaning businesses must be aware of any potential vulnerabilities within their own environments and those of the businesses that they work with.

Cyber risk transfer -  is the transferring of cyber risk to a third-party, such as through cyber insurance. With the cost of cyber insurance expected to stabilise as it becomes a more mature product, cyber insurance is expected to become increasingly accessible for SMEs. Furthermore, there is an increasing number of providers offering different tiers of cyber insurance packages, allowing businesses to tailor the level of cyber insurance to their needs.

By planning appropriately for mitigating cyber-attacks with cost-effective strategies, SMEs can prepare against malicious threats and proactively manage risks with the resources available to them in a landscape with growing cyber threats.

By educating employees, engaging in regular security audits, and creating and exercising robust incident response plans, SMEs can safeguard themselves against cyber threats and build resilience.

Tom Egglestone is Global Head of Claims at Resilience                    Image; Tim Mossholder

You Might Also Read: 

A New Approach To Cyber Security Helps Resist Extortion:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« The UN Cybercrime Convention Could Help & Harm Victims
Police Error Exposes Personal Data Of Crime Victims »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

D-RisQ

D-RisQ

D-RisQ is focussed on delivering techniques to reduce the development costs of complex systems and software whilst maximising compliance

Chertoff Group

Chertoff Group

The Chertoff Group provide security advice and risk management services covering cyber security, insider threat, physical security and asset protection.

Perkins Coie LLP

Perkins Coie LLP

Perkins Coie LLP is an internationalk law firm with offices across the USA and Asia. Practice areas include Privacy and Data Security.

Multitel

Multitel

Multitel is an independent research centre. We develop and integrate emerging technologies into the industrial fabric at the regional and international levels.

Deceptive Bytes

Deceptive Bytes

Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling and Data Destruction protect the environment and your data with proven and trusted electronics recycling and data destruction services.

Blockchain Solutions

Blockchain Solutions

Blockchain Solutions Limited is a technological One Stop Solution provider, for Blockchain technology.

Business Hive Vilnius (BHV)

Business Hive Vilnius (BHV)

BHV is one of the oldest startup incubator and technology hubs in the Baltics, primarily focused on hardware, security, blockchain, AI, fintech and enterprise software.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

Camel Secure - ZeroRisk

Camel Secure - ZeroRisk

Camel Secure is a company specialized in the development of products for information security and technology risk management.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

Collabera Digital

Collabera Digital

Collabera Digital engineer the next generation of solutions that power tech-forward organizations and create an impact on people and communities.

Buzz Cybersecurity

Buzz Cybersecurity

Buzz Cybersecurity systems and services are designed to proactively guard against common and uncommon cyber threats.

Cure53

Cure53

Cure53 offers classic black-box penetration tests (zero-knowledge) as well as white-box tests and code audits.

Command Zero

Command Zero

Command Zero is the industry’s first autonomous and AI-assisted cyber investigations platform, built to transform security operations in complex enterprise environments.