Are SMEs underestimating the data breach threat?

New statistics have revealed that SMEs are increasingly at risk of a data breach, yet there is a lack of understanding amongst these companies regarding the true cost of a cyber attack. This makes worrying reading, as it indicates that a lot of SMEs are at risk of fraud loss, non-compliance fines, and severe reputational damage because they are not taking the threat as seriously as they should be.

Recent figures announced by the government showed that the average cost of a data breach to a small business is £310,000. Is this something your business could afford to lose? Yet, just as worrying is the fact that the vast majority of business owners are underestimating this threat. In fact, Experian found that SMEs are undervaluing the cost of a data breach by a massive 40 per cent. This research was conducted as part of their third annual study on data breach preparedness, entitled ‘SMEs under threat’.

This means that most companies predict the cost of a data breach to be around £179,990. Thus, if the worst were to happen, they would find themselves needing to find an extra £130,000 than anticipated. Unfortunately, the picture becomes even bleaker when you consider the additional indirect expenses that are associated with the loss of trust and reputational damage that occurs after a breach.

It seems that the ‘it will never happen to us’ attitude is still going strong. SMEs should take note of the findings in this survey. Only 23 per cent of those interviewed stated that they think a data breach would have a negative impact on their customers, causing them to look elsewhere. However, the reality is that 64 per cent of consumers say a data breach would discourage them from using the services of an SME.

Not only are SMEs failing to acknowledge the threat, but also they are not preparing effectively either. 65 per cent of companies interviewed stated that they have a data breach response plan. Of those that did not have a plan, 51 per cent said they do not view it as a priority, and 39 per cent don’t think they are at risk. Moreover, only 29 per cent of these organisations update their plan on a quarterly basis. For a plan to be effective, it must be updated, audited, and tested regularly.

The way you response to a data breach is imperative. It could be the difference between your business surviving the breach and not. Can you hold onto the vast majority of your consumers? Or, will you make the situation even worse? A lot of businesses fall into the latter category. In regards to SME data breach response, the following statistics were found – 75 per cent had no forensics, 60 per cent had no customer remediation, 49 per cent had no communication plans, 48 per cent had no insurance plans, 45 per cent had no legal plans, and 42 per cent had no customer notification. The lack of preparedness is extremely worrying.

Don’t be one of these statistics. Take the steps to secure your business to minimise the chance of a data breach occurring.