smallbusiness.co.uk: Helping your business think big

Email a Friend

Small businesses unprepared for data breaches 
Small businesses have once again found to be unprepared for cyber threats

Half of small companies in the UK have no plan in place to deal with a data breach and are drastically underestimating the cost of managing one.

Experian’s third annual data breach preparedness study reveals a worrying lack of understanding among small and medium-sized enterprises (SMEs) regarding the true cost of a data breach, with estimates falling short by an average of 40 per cent.

Such a miscalculation could leave the survival of many at stake if a breach were to hit.

Government figures indicate that a data breach costs SMEs an average of £310,000, yet the SMEs surveyed estimated the cost to be £179,990; a shortfall of more than £130,000.

While it’s clear SMEs are underestimating these direct costs, the additional indirect costs associated with reputational damage and impacted trust makes the picture for unprepared organisations even more bleak.

Two thirds (64 per cent) of consumers say they would be discouraged from using an SME's services following a data breach, yet just a quarter (23 per cent) of SMEs surveyed acknowledge this as a risk.

Jim Steven of Experian says, 'Our study has uncovered an ‘it’ll never happen to us’ attitude among Britain’s most vulnerable businesses. While it’s understandable that smaller businesses may feel they lack the resource or expertise to prepare for a data breach, they are also the most vulnerable.'

Whether due to sophisticated cybercrime or basic human error, the true cost of a breach is far worse than companies are imagining, adds Steven.

He adds, 'For small companies especially, businesses need to ask themselves whether their business could survive if two thirds of their customer base were to disappear overnight.'

Just 45 per cent of small companies say they have a data breach response plan in place, despite three quarters of UK SMEs (74 per cent) having experienced a data breach last year.

The research reveals complacency as the main reason for inaction, with more than half (51 per cent) of SMEs without a plan saying they do not see it as a priority.

Two fifths (40 per cent) say they do not think they were at risk, and 20 per cent cite a lack of available budget as the main barrier.

Three quarters (77 per cent) of SMEs are confident they would know what to do in the event of a data breach; yet further investigation finds that 60 per cent of plans contain no provisions for customer remediation and around half contain no provision for insurance or communications around the data breach (48 pet cent and 49 per cent respectively).

Steven says, 'Our research has uncovered a vast gulf between how ready SMEs think they are for a data breach and the stark reality.

'With high profile data breaches becoming an almost-monthly occurrence, and European legislation that’s likely to fundamentally change requirements of companies around customer notification, we urge companies of all sizes to expect the unexpected and put solid plans in place.'

Further reading on data breaches

See also: How to start building a website

Related topics: Computer & IT business

Previous article

Consumers prefer human contact when it comes to customer service

Next article

Small company owners say marketing is the weakest part of their business

Post a comment

1 comment

Matt Grant

A timely piece Ben, the reality of a such a breach can actually be devastating for an SME, with fines from the ICO being ramped up through 2016, with a the most recent fine imposed, albeit on a tele-marketing company, a figure in excess of £250k! We can in five easy steps, reduce a companies marketing spend, increase their response rates, advise them of direct marketing best practice and ensure any campaign doesnât breach the 8 Data Protection Principles, we can help protect the environment by substantially reducing carbon footprint and prevent complaints and brand damage through negligent marketing. If you need more reasons, talk to TDP Direct Marketing and if we canât convince you that database cleansing is a worthwhile exercise, weâll send you a free gift, by post to the right address, of course!

Related

News | Management

Small businesses must back up data
Chief execs should be accountable for data breaches

News | Outlook

Chief execs should be accountable for data breaches
Small businesses short-changed by Budget  

News | Opportunities

Small businesses short-changed by Budget  

Comment & opinion | Accounts & tax

Profit from online accounting software  

Small Business Offers

More from Small Business

Starting a Business
Brexporting: From price points to pallet delivery 

Brexporting: From price points to pallet delivery 

How might a Brexit affect your logistical operations and international trade? Here, we look at...  

Financing a Business
Why small business lending alternatives are the next big thing 

Why small business lending alternatives are the next big thing 

Here are a few of the biggest drivers behind the slowdown in small business lending...  

Running a Business
The implications of drink driving and needing a licence for work 

The implications of drink driving and needing a licence for work 

Here, we give advice on the course of action to take if you get caught...  

Blog
Small businesses and courtesy in the digital age 

Small businesses and courtesy in the digital age 

In the latest in his series of courtesy in business, David Cliff examines the downside...