Over Half of SMEs Have Experienced a Cybersecurity Breach

Over half (51%) of SME businesses and self-employed workers in the UK have experienced a cybersecurity breach, according to a new study by insurance firm Markel Direct.

The findings were taken from a survey of 1000 SME firms and self-employed individuals in the UK, underlining fears that these organizations are at particularly high risk of cyber-attacks due to lack of resources and cybersecurity expertise. This issue has been exacerbated by the digital shift during COVID-19.

The most common attack methods faced by these organizations were malware/virus related (24%), data breaches (16%) and phishing attacks (15%). More than two-thirds (68%) of respondents said the cost of breaches they experienced was up to £5000.

The study also analyzed the extent of cybersecurity measures that are in place for SMEs and the self-employed. Nearly nine in 10 (88%) respondents said they had at least one form of cybersecurity, such as antivirus software, firewalls or multifactor authentication, and 70% said they were fairly confident or extremely confident in their cybersecurity arrangements.

Of these organizations and individuals, 53% had antivirus/malware software in place, and 48% had invested in firewalls and secure networks. In addition, nearly a third (31%) revealed they conducted risk assessments and internal/external audits on a monthly basis.

Worryingly, 11% of respondents said they would not spend any money on cybersecurity measures, viewing them as “unnecessary costs.”

Rob Rees, director of direct and partnerships from Markel Direct, commented: “Cyber-attacks on the largest corporations are often headline news, especially in consideration of some of the major breaches that have happened over the last few years to well-known businesses and local authorities. However, SMEs and the self-employed are also at risk, and the consequences can be devastating to smaller businesses that may not be able to recover from the financial impact of a cyber-breach or losing the trust of their customers.

“Cyber-criminals often target the self-employed and SMEs, as they lack the resources that large businesses have to invest in cybersecurity. SMEs and the self-employed who become targets of a cyber-attack can end up facing financial and operational consequences, of which some may never recover from.”


By James Coker Deputy Editor, Infosecurity Magazine, January 10, 2022