Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Secure your productivity on any device, anywhere, any time.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Discover how Six Degrees has driven success for others.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » Cyber Security for SMEs: Why Cybercriminals are Setting their Sights on Small and Medium Businesses
Since the pandemic, traditional cyber targets have strengthened their security. Large businesses are no longer such an easy target for many hackers – but this may not be a good thing. Cybercriminals are increasingly turning their focus towards SMEs, putting thousands of companies at risk. Many SMEs have attempted to protect themselves by purchasing cyber risk insurance. But cyber risk insurance will not prevent you being compromised, and you cannot transfer the liability to the insurance company.
A study reported by Forbes from Barracuda Networks analysed thousands of companies. It found that businesses with fewer than 100 employees are 350% more likely to be victims of cyber-attacks when compared to large firms. When this is combined with the 600% increase in cybercrimes over the pandemic reported by TechRepublic, the threat is clearly there. Over 70% of SMEs will experience cyber-attacks, and 60% of businesses that are attacked will go out of business within six months.
Larger firms often have far more comprehensive cyber security and resources, dissuading would-be attackers from mounting an assault on their accounts. Instead, they look to infiltrate accounts and systems which senior staff use to communicate or work on sensitive or financial data. Forbes shared that “…hackers target high value accounts for takeover. Accounts of CEOs and CFOs are almost twice as likely to be taken over compared to average employees.” These accounts may provide access to large amounts of company data, such as CEO email accounts or system logins that enable access to company files. Once an attacker has access to these accounts, they can use them to gather intelligence on the company and launch attacks internally.
Most SMEs will have taken steps to build cyber security defences, but with smaller budgets and fewer resources to prevent cyber breaches, it’s difficult to match or even come close to the sophisticated warnings and protections that large enterprises can muster.
Some small businesses resort to mitigating damages through the use of cyber insurance. At first glance, cyber insurance seems to be a pragmatic way to reduce the risks of cybercrime. Insurance can seem a cheaper option than maintaining strong cyber security internally. It’s intended to safeguard an SME financially against the damage caused by any cyber threats. Cyber insurance policies generally stipulate certain levels and measures of prevention, but meeting these doesn’t necessarily mean an SME is fully or even well protected.
Due to the relative youth of the cyber insurance market, prices can be volatile. According to the Wall Street Journal, last year premiums increased by 92% in the US alone. Eligibility and conditions are also tightening as the market develops, making cyber insurance less attractive to SMEs. Large-scale cost reductions have yet to be achieved, as unlike in mature insurance markets (such as property or life insurance) calculating the risk of an attack on a specific company is currently very speculative, with many uncertainties that drive up prices considerably.
As with all insurance, there is also the risk of claims being denied for an increasingly diverse and complex array of reasons, or pay-outs being smaller than needed to mitigate the disruption and damage caused. Cyber insurance can also cause complacency: if the risk or threat has been removed in the short term, there’s less immediate pressure to focus on long-term SME cyber security. Exposure and claims could cause further insurance premium increases or put your firm at higher risk of a pay-out being denied.
The sophistication of cybercrime has developed markedly in the past few years, as attackers broaden their modes of attack. The most common forms an SME may face include:
Prevention is the gold standard in any market – it’s better to avoid adversity than strive to be compensated for it. Cars have crash prevention technology to decrease accident risks, homes have security systems to prevent burglaries, and doctors prescribe statins to prevent cholesterol-related health conditions. All these measures are more beneficial than insurance to mitigate the issues after the worst has happened. The same applies to cyber risk insurance – even heavy financial compensation is unlikely to make up for reputational damage and loss of customer trust, not to mention business disruption or complete stoppage.
A key cyber security strategy for SMEs is increasing employee awareness. Cyber-attacks are often successful due to employee error – if an employee is unaware of the tools used by criminals, they make their business far more susceptible to cyber breaches. Regular and thorough employee training has been shown to be a very effective defence against cybercrime.
Cyber security can be a complex business, but there are core activities that every organisation with a digital presence should put in place. The start point must be reviewing how you currently protect your users and systems to identify gaps and weaknesses. SMEs must have monitoring in place to detect compromised email accounts and suspicious messages. Threat responses can be automated to streamline security. But keeping your cyber security software and protocols up to date is a full-time job. With cybercriminals refining their attacks every day, it’s vital to have the latest defence tools and detection in place.
Managing cyber security in-house can also put a strain on the budget and resources of a business. Many SMEs choose instead to partner with a cyber security specialist who understands the unique needs of SMEs and the challenges they may face.
At Six Degrees, our experienced team offers a range of services to help protect your SME. Our award-winning managed security services protect your organisation’s digital assets, helping you to reduce vulnerabilities and exposure to threats, including 24×7 monitoring and response to anticipate and defend against attacks.
Consulting and compliance services are an effective way of reducing your business’ vulnerability. SMEs can assure themselves that the organisation is compliant with data protection and other security regulations. Working with us, you gain access to third party industry experts who can advise on key decisions and help you develop and implement a robust cyber security strategy to safeguard assets and reassure customers.
Penetration testing can also offer an insight into the weak points of SMEs’ infrastructures, systems and processes, enabling them to strengthen their security and minimise vulnerability to attacks.
Cyber insurance is no substitute for robust preventative measures, constant monitoring and protection. If you do invest in cyber insurance, you will in any case need to demonstrate that you have defences in place before any claim can be accepted.
With the threats faced by SMEs in the cyber landscape growing so substantially, no responsible business leader can afford to be complacent. Cyber insurance will neither provide a blueprint for robust cyber security standards nor adequately protect organisations from disruption, reputational damage or financial loss.
To learn more about how Six Degrees can help your business put robust cyber security measures in place and maintain protection continuously, get in touch with one of our SME cyber security specialists.
Chris Cooper is Cyber Security Practice Director at Six Degrees. At Six Degrees, we’ve been helping organisations confront cyber security challenges for over 15 years. While cyber threats are always developing, our experience and industry presence are testament to our ability to stay ahead of emerging threats.
Secure technology services provider Six Degrees becomes a…
Phishing and Ransomware Survival Guide 2023 In the…
NCSC, CREST, IASME… just another list of meaningless…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.