How SMEs Can Achieve Cyber Resilience

Cyber-attacks are a growing threat to organisations across the world, with attacks rising globally by 125% in 2021, costing businesses an average of $4.35m.  Furthermore, the outbreak of the Russia-Ukraine war has seen cybercrime in Europe grow exponentially, with a 300% increase in attacks targeting NATO countries. 

The UK remains a top target for cyber-attacks. IBM’s X-Force Threat Intelligence Index report found that cyber-attacks in the UK made up 43% of all attacks in Europe in 2022.  The consequences of such attacks for large organisations, such as governments and publicly listed companies, can be both financially and reputationally costly. For small and medium-sized organisations, they can be devastating or even existential.

54% of SMEs in the UK were victims of a cyber-attack in 2022, costing businesses thousands. This includes not only the accompanying costs of a cyber breach, but also potential fines for infringement of data protection guidelines. This accumulation of bills causes serious financial pressures, not to mention emotional strain, for businesses with limited resources. In order to minimise cyber risk, SMEs must look at actionable strategies to build cyber resilience.

Unique Challenges Faced By SMEs

The widespread digitalisation as a result of the pandemic saw SMEs adopt new software and solutions to adapt to working from home. However, with new technologies being integrated so quickly, many companies may have overlooked the broader impact of those implementations. With limited resources in a risk landscape marked by rapid digitalisation and evolving cyber threats, SMEs have found themselves incredibly vulnerable to cyber-attacks.

With cyber threats on the rise, SMEs often make easy targets for hackers - 18% of SMEs do not have any cybersecurity software,  and SMEs are also likely to be repeat victims of cyber-attacks. In fact, two-thirds of UK SMEs that have faced a breach have been targeted again. 

How SMEs Can Manage Cyber Risk

With cybersecurity products often prohibitively expensive for SMEs, particularly following the impact of the pandemic and rising costs that have marked the 2020s, it is important that SMEs look at other ways they can mitigate cyber risks on a budget. As the costs of a breach can easily exceed the cost of cybersecurity, and with the average recovery time for SMEs more than nine months,  SMEs must recognise cyber risk as a business risk and invest in cyber mitigation appropriately.

Businesses should also look at upskilling employees, as employees can often be targeted with ransomware and phishing scams. In fact, 82% of cyber breaches involve a human element,  making it vital that employees are prepared and trained to understand and spot potential cyber threats, and minimise their vulnerability to risks.

Implementing A Cyber Resilience Strategy

Developing a cyber resilience plan is an essential element of mitigating risks. A cyber resilience strategy consists of three facets: cyber risk quantification, cyber threat visibility, and cyber risk transfer.

Cyber risk quantification - is about balancing cybersecurity with capital allocation. Organisations should conduct risk assessments in order to determine the degree that they can suffer a setback following a cyber-attack without impacting their capacity to continue operating. This helps businesses determine the level of cyber risk mitigation required for them, and to allow them to maximise their return on investment.

Cyber threat visibility - involves organisations monitoring possible threats to their organisation, is another aspect of cyber resilience. With many businesses frequently using third-party software, the surface area for hackers to target is even larger than before, meaning businesses must be aware of any potential vulnerabilities within their own environments and those of the businesses that they work with.

Cyber risk transfer -  is the transferring of cyber risk to a third-party, such as through cyber insurance. With the cost of cyber insurance expected to stabilise as it becomes a more mature product, cyber insurance is expected to become increasingly accessible for SMEs. Furthermore, there is an increasing number of providers offering different tiers of cyber insurance packages, allowing businesses to tailor the level of cyber insurance to their needs.

By planning appropriately for mitigating cyber-attacks with cost-effective strategies, SMEs can prepare against malicious threats and proactively manage risks with the resources available to them in a landscape with growing cyber threats.

By educating employees, engaging in regular security audits, and creating and exercising robust incident response plans, SMEs can safeguard themselves against cyber threats and build resilience.

Tom Egglestone is Global Head of Claims at Resilience                    Image; Tim Mossholder

You Might Also Read: 

A New Approach To Cyber Security Helps Resist Extortion:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« The UN Cybercrime Convention Could Help & Harm Victims
Police Error Exposes Personal Data Of Crime Victims »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Mielabelo

Mielabelo

Belgian consulting firm providing services in the security and compliance of information systems and IT service management.

44CON

44CON

44CON is an Information Security Conference & Training event taking place in London. Designed to provide something for the business and technical Information Security professional.

Site24x7

Site24x7

Site24x7 is an all-in-one performance monitoring solution for Networks, Websites, Servers and Applications.

Lumeta

Lumeta

Lumeta’s cyber situational awareness platform is the unmatched source for enterprise network infrastructure analytics and security monitoring for breach detection.

Cybernance

Cybernance

Cybernance provide an enterprise-wide, web-based software solution for managing and mitigating cyber risk based on key compliance frameworks.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

Sevonix

Sevonix

Sevonix is a professional services organization specializing in offering best in class technology implementation and information security consulting services.

Spin Technology

Spin Technology

SpinOne is a SaaS data protection platform designed to monitor, secure, and back up your G Suite and O365 data, improve compliance, and reduce IT costs.

Redsquid

Redsquid

At Redsquid we are all about making a difference to our customers with the use of technology, as an innovative provider of solutions within IoT, Cyber security, ICT, Data Connectivity & Voice.

DEFENTEK - National Security Informatics

DEFENTEK - National Security Informatics

Defentek (aka National Security Informatics) is a technology consortium covering a broad spectrum of intelligence computing solutions and interception technologies.

Smoothstack

Smoothstack

Smoothstack is a technology talent incubator whose immersive training program kick starts IT careers and delivers a fresh source of IT talent.

Binalyze

Binalyze

Binalyze is the world's fastest and most comprehensive enterprise forensics solution. Our software helps you to collaborate and complete incident response investigations quickly.

Wavenet

Wavenet

Wavenet has grown from simple beginnings to become one of the UK’s market leaders in unified communications, business telephony, and Cyber Security solutions.

Orbis Cyber Security

Orbis Cyber Security

Orbis is one of the leading cybersecurity company in USA. Our cybersecurity specialist defends your data, combat threat, and modernize your compliance.

LegalByte

LegalByte

LegalByte is a leading provider of comprehensive legal and forensic services dedicated to addressing the complex challenges of the digital age.

Stratascale

Stratascale

Stratascale is a consultant, systems integrator, and technology advisor with expertise in Automation, Cloud Ascension, Cybersecurity, Data Intelligence, and Digital Experience solutions.