UK’s SMEs underestimate cost of cyber attack

06 June 2024

UK SMEs yet to experience a cyber attack underestimate the financial impact by nearly £85,000, according to new research from Sky Business.

With over 73 million malware, phishing and bot attacks in the past year being blocked by Sky Business’ SecurityEdge, and with ransomware expected to rise in line with AI, UK SMEs cannot afford to be unprepared.

UK SME business decision-makers estimate they’d be forced to stop trading for an average of four days following a cyber attack. And of the businesses surveyed that had experienced a breach in the past, the economic loss of being offline for this time was estimated at £123,984. For SMEs that have not been victims of a cyber attack, they calculated the loss to be £39,633 – more than a substantial 68% lower.

With a difference of almost £85,000 (£84,351) it’s clear that SMEs who have avoided attacks to date are drastically underestimating the financial implications of malware, bots and phishing. In fact, a sixth (16%) of businesses surveyed don't think a cyber attack would cause their business to close.

The research also found a confidence disparity between smaller businesses and more established organisations. The longer a business has been running, the less likely they think a cyber attack would cause business closure. 25% of businesses which have been running for 20 years or more believe a cyber attack wouldn’t shut them down compared to just 11% of those 1-20 years old.

“The risk of cyber attacks is increasing for UK businesses. A fifth (18%) of SMEs we spoke to have already fallen victim, and research shows this figure will rapidly rise. With those previously attacked SMEs estimating average losses of nearly £31,000 for each day they are forced to close, cybersecurity must be at the top of the business agenda. A vigilant defence starts with secure connectivity, and small businesses must safeguard this to protect their revenue. Cybersecure connectivity should not be complicated. Easily accessible solutions that enable always on protection are crucial so SMEs can mitigate the risk of unauthorised threats,” said Stacey Hill, director of Sky Small Business Group at Sky Business.