Procurement 4 May 2018

FSB policy director: Micro business owners hold exactly the kind of data cyber criminals want

Martin McTague is policy director at the Federation of Small Businesses
Challenging the perception that cyber criminals are more concerned with large firms than smaller enterprises, Martin McTague, policy director at the Federation of Small Businesses (FSB), offers micro company owners a wake up call with some crucial cyber security action points.

From Talk Talk to Uber, Yahoo! to the adult networking site Ashley Madison, theyve all been victims of cyber attacks. Big names, with millions of customers, falling prey to hackers is, unsurprisingly, big news when it happens. But the fact that the cyber attacks we hear about are the ones affecting well-known, large corporations helps to fuel the perception gap among small business owners that it’s not a risk that applies to them. The reality is very different, with 45 per cent of micro and smaller businesses experiencing a data breach in 2016-17.

When a cyber attack happens, it costs the business time, money and reputation. It can force the business to suspend operations while the problem is fixed; where customer data has been breached, time will have to be spent dealing with the resulting complaints and resolving disputes; even if you’re insured, youll still have to go through the process of assessing the damage and making a claim.

“The reality is, most businesses now hold customers? names, addresses and contact details”

Government research suggests it takes on average half a day to get back up and running, but with a serious breach it can be significantly longer. The average cost of a cyber security breach for a small or micro business is nearly 1, 400. And contrary to common belief, financial losses are not always reimbursed.

And yet highlighted in the recently published A Call to Action: the Cyber Aware perceptions gap” report, part of the government’s Cyber Aware campaign among millions of SMEs there is the perception? – – that it’s not something that’s likely to affect them or if it is – there’s not much they can do to guard against it.

Although worrying, it’s understandable. For a self-employed gardener or someone running their own hair salon, they may well think that they operate under the radar of cyber criminals or that they ” don’t have data that is worth stealing”.

The reality is, most businesses now hold customers? names, addresses and contact details and those are exactly the kind of things hackers want to get their hands on.

Other small firms will be reliant on computer systems to run their businesses; some will sell online; some will have customers? banking information. Again, big targets for cyber criminals. And cyber crime isnt necessarily restricted to data theft many incidents involve extortion (ransomware attacks) or the hijacking of a business’s computer to enable cyber crimes to be committed elsewhere.

CEO fraud


What is CEO fraud and how can I identify it?

Business Advice unpicks one of the growing threats to small companies, asking what is CEO fraud, before consulting two experts on the typical tactics employed by scammers and how owners can protect their firm.


At the Federation of Small Businesses, one of our priorities is to try to improve awareness of the dangers of cyber crime to small firms, and working alongside Cyber Aware is an important part of that.


Business Advice