Research commissioned by Vodafone has found that the equivalent of 1.3m small businesses would go bust if they were targeted by hackers, leading to calls for the Government to put more money into cyber defences.
The report urged the Government to expand and to protect small and medium-sized businesses further by providing more support to the National Cyber Security Centre and making cybersecurity protections more accessible.
The report ‘Protecting our SMEs: Cybersecurity in the new world of work’ states that the UK’s economic recovery from COVID-19 is at risk if new policy recommendations are not introduced in line with the new risks that have emerged in the last 12 months.
According to the Federation of Small Businesses, SMEs account for 99.9% of the UK’s six million private sector businesses. This means they employ three-fifths of the UK’s workforce. The policy recommendations would provide much-needed support for a critical component of the UK economy.
While much has already been done to support the development of the cybersecurity segment in the UK, Vodafone believes the next step should be to create policy that supports SMEs directly. As the risks are constantly evolving, Government policy for cybersecurity should also.
The report makes the case for several policy recommendations, including a reduced 5% VAT rate on cybersecurity products, as well as additional investment and resources for the National Cyber Security Centre to expand a dedicated unit for cybersecurity for business to help secure recovery for SMEs.
Vodafone believes the positive relationship between the National Cyber Security Centre and private industry has led to the UK having a world-leading cybersecurity industry. The expansion of an SME-dedicated unit would build on these foundations, enabling small businesses to further enjoy the benefits of this leadership position.
The recommendations were prompted by polling for the report which found that 1.3 million SMEs in the UK would collapse if they fell victim to a cyber-attack. A successful cyber-attack has an average cost of £3,230; 23% of SMEs polled said that they could not survive a loss of this scale.
Pre-COVID-19, cyber-attacks cost the UK economy £34bn a year. But this report finds that almost a third of SMEs (31%) have seen an increase in attacks since the beginning of the first lockdown in March 2020 – so this figure may now be even higher.
The report assesses the heightened cybersecurity risks to SMEs through working remotely, arguing that the Government should treat SME cybersecurity as a matter of national resilience, taking proactive steps to raise awareness among SMEs of the risks they face and supporting them to protect themselves more effectively. With over 75% of UK SMEs now relying on remote working, the risks are heightened.
The report’s recommendations in full are:
Anne Sheehan, Business Director, Vodafone UK, said: “Cyber-attacks are an existential threat to Britain’s small businesses, yet nearly a third have no cybersecurity strategy in place. This report’s stark findings are a warning that as SMEs do more and more of their business online, it is vital that they take the steps they need to keep themselves safe – and that Government does more to support them to do so. The UK needs successful, resilient small businesses.”
The polling results in full showed:
Simon Fell, Chair of the All-Party Parliamentary Group on Cybersecurity, said “This new report from Vodafone shows that businesses often lack awareness of the cybersecurity risks they face, the protection they need to mitigate them, and the resources to withstand them.”
“SME cybersecurity is not a prosaic issue facing a few journeymen trying their hands at a new business during the pandemic, but rather an issue of national economic resilience.”