With over one million small-to-medium sized businesses in London, the risk of cybercrime is a reality for an ever-increasing number of organisations in the capital. From phishing emails to ransomware attacks, cybercriminals are choosing to target more small businesses over large enterprises.
In fact, studies have proven that small companies have seen the biggest rise in cyberattack victims since 2019. Additionally, not only have the number of cyberattacks increased, but the cost too as the same findings shared a 396% rise in cyberattack-related costs (2019-2023). Consequently, SMEs tend to experience the most financial hardship from cyberattacks as resources and budgets are drained to recover.
But why do cybercriminals choose to specifically target small businesses?
According to the Federation of Small Businesses (FSB), one in five small UK companies were victims of cybercrime at least once in the past two years.
Small businesses are soft targets for cybercrime but don’t realise it
Why small businesses think they won’t be targeted by cybercriminals
National news is typically saturated with reports of disruptive data breaches impacting huge corporations. As a result, businesses and customers often assume these cybercriminals won’t choose to target their small businesses. What data would small businesses have that cybercriminals want to target and steal?
Similarly, governments choose to broadcast their successes in preventing globally connected cybercriminal groups. Subsequently, many small business owners believe that criminals have more tempting, and wealthier victims in mind than their firms. So, why would we continue assuming these cybercriminal groups are interested in our small London-based businesses?
Understandably, most small enterprises are focused on day-to-day productivity, growth and building their competitive advantage to combat a challenging economic climate. As such, the presence of common cyber threats still seems completely irrelevant.
As a matter of fact, the UK government reported a decline in small and micro businesses prioritising cybersecurity. This lack of attention to cybersecurity further stems from businesses believing they are too small or don’t have anything worth stealing. But this is not the case.
The reality of cybercrime for small businesses
Contrary to what most SMEs believe, any organisation can become a victim, regardless of its size. Every organisation holds data that could be of value to cybercriminals. Alternatively, stolen data is often exploited to reach multiple other parties of interest. So, your company doesn’t have to be a large financial firm or hold highly sensitive trade secrets to be a victim of cybercrime.
Furthermore, due to overreporting of huge data breaches, large enterprises are increasingly vigilant about cybercrime. This means they have turned to investing more in cybersecurity and prioritise data protection. Meanwhile, punishments have become more severe for criminals. Therefore, the risk is often too great for cybercriminals to target large companies, leading to a rise in smaller businesses as victims.
The unique vulnerabilities of small businesses
Vulnerable technologies, little resources
Alike most London-based companies, small businesses are increasingly reliant on their IT to help run operations. Key small business infrastructure can range from small servers and printers to the latest mobile devices and workstation computers. Undoubtedly, these new technologies are essential for daily tasks and can offer immense potential for growing companies.
However, they can also introduce new and possibly unexpected IT security vulnerabilities. So, although you might not be running a huge backup system, new tech can put your small business at risk of cyberattacks.
Between them, your devices share confidential communications about customer, suppliers and finances, as well as client work, designs, artworks, blueprints, and more. All data considered critical is vulnerable to hacking. And whether it is a direct attack on your small business or a stepping stone to target another organisation, cybercriminals pose a threat.
Limited cybersecurity training & awareness
Despite these risks, many businesses do not appear to be adequately educated about the risk of cybercrime. As such, small businesses may not take the necessary action to protect their data from hackers.
The UK government reports a tendency of small businesses to pass on the burden of cybersecurity to external contractors. This is commonly due to the lack of internal IT expertise and training among non-IT staff. But what happens when cybercriminals target the employees of your small business?
The problem is that smaller firms often lack the knowledge and awareness required to understand and successfully address IT security issues. This also limits their ability to stay ahead of emerging cyber threats in their industry.
Surprisingly, other government figures indicate a shift in attitudes about cybersecurity, with 84% of small businesses claiming it is a high priority for them. Therefore, the next actionable step for business owners is simple. Put a greater emphasis on cybersecurity training and implement specific security policies for your employees.
Remember, your small business isn’t expected to have unlimited IT expertise. However, support and training can always be outsourced. By partnering with a company like totality services, you can benefit from employee cybersecurity training at an affordable rate.
Budget restraints
Alongside training, small businesses are typically constrained by their security budget, if a specific one is allocated at all. This often means they won’t be equipped with the necessary cybersecurity measures to protect their IT.
For example, 2024 reports show that less than half (38%) of UK small businesses have cybersecurity cover as part of their wider insurance policy. Additionally, only 11% have a specific cybersecurity insurance policy.
Overall, tightening budgets lead to a much higher risk of cyberattacks for smaller organisations, as they are unable to invest in comprehensive security.
If you’d like any advice regarding cybersecurity or you’re seeking IT cybersecurity services for your London-based business, please reach out to our team of IT experts today.