Who would want to attack me?
Perhaps surprisingly, quite a lot of people. Recent trends show that cyber-attacks on small businesses are on the increase – according to reports by Small Business Trends, 43% of cyber-attacks are targeted towards SMEs.
It might be tempting to think that your business has little in the way of value for hackers in comparison to the Talk Talks and Yahoos of the world, but the fact of the matter is that your business has systems which hold data, making you an attractive target for cyber criminals. Think of it this way – anything your business can leverage to make a profit, so can hackers. Email addresses, phone numbers, and billing addresses, for example, are pieces of data that many small businesses store. These might seem inconsequential, but in the hands of the right people, they could provide a tidy profit at your customers’ – and consequently your – expense.
What’s more is that small businesses are generally easier targets. Despite many high profile cyber-attacks taking place over the last year or so, small businesses don’t appear to be motivated to do anything to prevent breaches of their own data. Small Business Trends also reports that while 58% of SMEs are concerned about cyber-attacks, 51% don’t have any budget allocated to mitigate risk. A significant number are also following poor security practices, with only 38 % regularly upgrading software solutions and 22% encrypting databases.
Why should I care?
Figures suggest that 60% of SMEs which are hit with a cyber-attack go out of business within 6 months. With the GDPR looming, the risk of going out of business runs even higher, as businesses who fail to comply to regulations run the risk of being hit by heavy penalties – up to 4% of global turnover or €20 million, in fact.
The most recent figures suggest that nearly half a million small businesses don’t have a clue about the new data rules under the GDPR, and as there’s now less than a year to go until the biggest shake up to data protection laws for two decades, many businesses are simply setting themselves up to shut up shop over the next few years. Businesses are even liable if they are not the data handler, meaning that if you come into contact with the data or EU citizens in any way, you’re going to need to invest in a cybersecurity solution. And quickly.