SMEs are unprepared for breaches in data security, and grossly underestimate the cost of dealing with them, a white paper has revealed.
According to Experian’s third annual data breach report – SMEs Under Threat – almost a third (29 per cent) of UK small and medium-sized businesses have no plan in place to deal with security breaches.
In addition, when asked how much data breaches would cost their business, SMEs’ estimates fell short by around 40 per cent.
Firms polled for the white paper said they expected data breaches would cost just short of £180,000. This is £130,000 less than the cost in reality, according to government figures, which place the cost of such breaches at an average of £310,000.
But, when indirect costs are factored in – such as damage to a firm’s reputation – the picture is gloomier still.
More than two thirds (64 per cent) of consumers said they would be put off using a business if it had been subject to a data breach. Just 23 per cent of SMEs surveyed recognised this as a risk.
This is a stark warning for small and medium-sized firms, given that 75 per cent of those responding to the survey had experienced a data breach in 2015.
Jim Steven from Experian said: “Our study has uncovered an ‘it’ll never happen to us’ attitude among Britain’s most vulnerable businesses.
“While it’s understandable that smaller businesses may feel they lack the resource or expertise to prepare for a data breach, they are also the most vulnerable.
“Whether due to sophisticated cybercrime or basic human error, the true cost of a breach is far worse than companies are imagining, and for small companies especially, businesses need to ask themselves whether their business could survive if two thirds of their customer base were to disappear overnight.”
Among SMEs who do not have a plan in place to tackle data security breaches, half (51 per cent) said it wasn’t a priority, 40 per cent said they didn’t think they were at risk, and 20 per cent said they didn’t have the budget to implement one.
Other findings include:
- 77 per cent of SMEs said they are confident they would know what to do in the event of a data breach
- 60 per cent of plans contained no provisions for customer remediation
- 48 per cent of plans contained no insurance measures
- 49 per cent did not outline any plans for communications around the data breach
Steven added: “Our research has uncovered a vast gulf between how ready SMEs think they are for a data breach and the stark reality.
“With high-profile data breaches becoming an almost-monthly occurrence, and European legislation that’s likely to fundamentally change requirements of companies around customer notification, we urge companies of all sizes to expect the unexpected and put solid plans in place.”