Over one in four (26%) British SMBs have been targeted by ransomware over the past year, with nearly half (47%) of those compromised paying their extorters, according to new data from Avast.
The security vendor polled 1000 IT decision makers from UK SMBs back in October, to better understand the risk landscape over the previous 12 months.
More than two-thirds (68%) of respondents said they are more concerned about being attacked since the start of the war in Ukraine, fuelling concerns that have led to half (50%) investing in cyber-insurance.
They’re wise to do so, considering that 41% of those hit by ransomware lost data, while 34% lost access to devices, according to Avast.
Given that SMBs comprise over 99% of private sector businesses in the country, it’s reassuring that cyber is now being viewed as a major business risk. Nearly half (48%) ranked it as one of the biggest threats they currently face, versus 66% who cited financial risk stemming from surging operational costs.
More respondents cited cyber as a top threat than cited physical security (35%) or supply chain disruption (33%).
However, the vast majority (81%) of SMB leaders also believe the government should be doing more to help. Assistance with incident response (60%) and clearer information on cybercrime risks (58%) were cited most frequently.
A recent decision by the government to offer free Cyber Essentials support to smaller firms will be welcomed as a step in the right direction.
Lindsey Pyle, VP of strategy at Avast Business, argued that SMBs are among the groups most vulnerable to cyber-threats.
“They often have very limited budget and resources, and many don’t have somebody on staff managing security holistically. As a result, not only are they lacking in their defense, but they’re also slower to react to incidents,” she said.
Conversely, SMBs can take advantage of their relative agility to accelerate efforts to enhance their cyber-resilience ahead of a potentially major incident.
“SMBs need to utilize these strengths to get prepared and to get a plan in place, which at the bare minimum should include implementing online and offline backups, installing anti-virus, setting up network monitoring and ensuring an automated patching regime is established,” Pyle concluded.