Hackers breach 30,000 websites a day, and smaller companies are increasingly the hardest hit, with serious repercussions for victims’ finances, as well as their reputations.
A severe attack typically leaves small and mid-sized companies £65,000-£115,000 out of pocket, according to research by PwC, and the worst-hit firms report up to six security breaches a year. While a bigger business may be equipped to absorb the financial blow, costs of this magnitude can quickly spell the end for an SME.
Despite this, many smaller companies tend to neglect their security measures as they focus their energies on core commercial activities such as sales and customer care.
But, as companies embrace more and more internet-based technologies and payment systems to boost their businesses, they leave their data increasingly vulnerable to attack – and internal security expertise struggles to keep up with the threat.
“[SMEs] are exposed to many of the same attacks as much larger enterprises, yet they don’t have the security expertise and resources available to those larger firms,” Maxim Weinstein, a security advisor at Sophos, told the BBC.
“There are some businesses that are much more than just users of technology,” said Weinstein. “They have huge computing requirements as well as massive storage and bandwidth requirements – far more than their head count would suggest.”
“In the same way they don’t run your own bank or accountancy firm they shouldn’t run their own security operation,” he warned.
250,000 new viruses are released everyday by hackers and attacks are becoming ever more sophisticated. Among the biggest breaches of 2014 were two attacks in the US that specifically sought to steal customer data: one, on the restaurant chain Dairy Queen, which targeted point-of-sale devices in a number of outlets, and the second on the leading department store Target. In the past, the UK government has released a number of guidelines to help SMEs strengthen their defences against hackers.