How SMEs Can Achieve Cyber Resilience

Cyber-attacks are a growing threat to organisations across the world, with attacks rising globally by 125% in 2021, costing businesses an average of $4.35m.  Furthermore, the outbreak of the Russia-Ukraine war has seen cybercrime in Europe grow exponentially, with a 300% increase in attacks targeting NATO countries. 

The UK remains a top target for cyber-attacks. IBM’s X-Force Threat Intelligence Index report found that cyber-attacks in the UK made up 43% of all attacks in Europe in 2022.  The consequences of such attacks for large organisations, such as governments and publicly listed companies, can be both financially and reputationally costly. For small and medium-sized organisations, they can be devastating or even existential.

54% of SMEs in the UK were victims of a cyber-attack in 2022, costing businesses thousands. This includes not only the accompanying costs of a cyber breach, but also potential fines for infringement of data protection guidelines. This accumulation of bills causes serious financial pressures, not to mention emotional strain, for businesses with limited resources. In order to minimise cyber risk, SMEs must look at actionable strategies to build cyber resilience.

Unique Challenges Faced By SMEs

The widespread digitalisation as a result of the pandemic saw SMEs adopt new software and solutions to adapt to working from home. However, with new technologies being integrated so quickly, many companies may have overlooked the broader impact of those implementations. With limited resources in a risk landscape marked by rapid digitalisation and evolving cyber threats, SMEs have found themselves incredibly vulnerable to cyber-attacks.

With cyber threats on the rise, SMEs often make easy targets for hackers - 18% of SMEs do not have any cybersecurity software,  and SMEs are also likely to be repeat victims of cyber-attacks. In fact, two-thirds of UK SMEs that have faced a breach have been targeted again. 

How SMEs Can Manage Cyber Risk

With cybersecurity products often prohibitively expensive for SMEs, particularly following the impact of the pandemic and rising costs that have marked the 2020s, it is important that SMEs look at other ways they can mitigate cyber risks on a budget. As the costs of a breach can easily exceed the cost of cybersecurity, and with the average recovery time for SMEs more than nine months,  SMEs must recognise cyber risk as a business risk and invest in cyber mitigation appropriately.

Businesses should also look at upskilling employees, as employees can often be targeted with ransomware and phishing scams. In fact, 82% of cyber breaches involve a human element,  making it vital that employees are prepared and trained to understand and spot potential cyber threats, and minimise their vulnerability to risks.

Implementing A Cyber Resilience Strategy

Developing a cyber resilience plan is an essential element of mitigating risks. A cyber resilience strategy consists of three facets: cyber risk quantification, cyber threat visibility, and cyber risk transfer.

Cyber risk quantification - is about balancing cybersecurity with capital allocation. Organisations should conduct risk assessments in order to determine the degree that they can suffer a setback following a cyber-attack without impacting their capacity to continue operating. This helps businesses determine the level of cyber risk mitigation required for them, and to allow them to maximise their return on investment.

Cyber threat visibility - involves organisations monitoring possible threats to their organisation, is another aspect of cyber resilience. With many businesses frequently using third-party software, the surface area for hackers to target is even larger than before, meaning businesses must be aware of any potential vulnerabilities within their own environments and those of the businesses that they work with.

Cyber risk transfer -  is the transferring of cyber risk to a third-party, such as through cyber insurance. With the cost of cyber insurance expected to stabilise as it becomes a more mature product, cyber insurance is expected to become increasingly accessible for SMEs. Furthermore, there is an increasing number of providers offering different tiers of cyber insurance packages, allowing businesses to tailor the level of cyber insurance to their needs.

By planning appropriately for mitigating cyber-attacks with cost-effective strategies, SMEs can prepare against malicious threats and proactively manage risks with the resources available to them in a landscape with growing cyber threats.

By educating employees, engaging in regular security audits, and creating and exercising robust incident response plans, SMEs can safeguard themselves against cyber threats and build resilience.

Tom Egglestone is Global Head of Claims at Resilience                    Image; Tim Mossholder

You Might Also Read: 

A New Approach To Cyber Security Helps Resist Extortion:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« The UN Cybercrime Convention Could Help & Harm Victims
Police Error Exposes Personal Data Of Crime Victims »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Exprivia

Exprivia

Exprivia is active in the design, development and integration of IT systems including cyber security.

Infosec (T) Ltd

Infosec (T) Ltd

Infosec (T) Limited is an independent Tanzania based consultancy specializing in IT governance, information security and IT audit.

RCDevs

RCDevs

RCDevs is an award-winning Software company providing security solutions designed for modern enterprise technologies and suited for SMEs to large corporations.

CyberInsureOne

CyberInsureOne

At CyberInsureOne, we break down the complex world of cyber insurance, and connect you with providers that can give you and your company peace of mind.

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling and Data Destruction protect the environment and your data with proven and trusted electronics recycling and data destruction services.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Sentor Managed Security Services

Sentor Managed Security Services

Sentor Managed Security Services is a cybersecurity company that enables organizations to exist in a digitally connected world.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

CyberGate Technologies

CyberGate Technologies

CyberGate Technologies is a world-class, customer focus cyber security service and consultancy company operating the UK, Europe, Middle East, and Africa.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

Digital Security Authority (DSA)

Digital Security Authority (DSA)

The establishment of the Digital Security Authority, which incorporates the National CSIRT, is crucial to significantly raising the cybersecurity posture and capabilities of Cyprus.