Small businesses arming themselves against cyberattacks

UK SMBs investing in cloud and network security to guard against ransomware, phishing and other cyberattacks

Posted 23 January 2023 by Christine Horton

Small and medium-sized businesses (SMBs) are investing in cybersecurity protection with network and cloud security topping the list.

The 2022 State of Ransomware Report  from Datto, a Kaseya company, shows that 52 percent of UK SMBs are planning to invest in cloud security over the next year, higher than the global average of 45 percent. This is followed by 47 percent planning to invest in network security and 32 percent in cyber insurance.

When asked what their total downtime was during their most recent cybersecurity issue, 18 percent of UK SMBs stated that they didn’t have any, compared to the global average of 12 percent. In addition, the average cost of downtime for a UK company is approximately £53,000 which is significantly lower than the global average of £103,000.

This could be because many more UK SMBs have implemented security solutions compared to their global counterparts:

  • Anti-virus – 74 percent of UK SMBs implemented (global: 57 percent)
  • Email / spam protection – 66 percent of UK SMBs implemented (global: 53 percent)
  • File backup – 64 percent of UK SMBs implemented (global: 49 percent)
  • Managed Firewall – 62 percent of UK SMBs implemented (global: 49 percent)
  • Cybersecurity training for employees – 50 percent of UK SMBs implemented (global: 43 percent)

Phishing and computer viruses

However, 58 percent of UK SMBs have experienced phishing emails, which is higher than the global average (49 percent).

Computer viruses follow closely behind at 52 percent compared to the slightly lower global average of 50 percent. The research found that Covid-19 related scams or threats are still causing problems with 20 percent of UK SMBs saying they affected their business in the last 12 months. Despite these prevalent attacks, 56 percent of UK SMBs feel they would recover from a cybersecurity incident, but it would be a difficult process.

The average cost of the ransom requested to release the captured data or systems in the UK was approximately £16,500, higher than the global average of approximately £12,500. UK SMBs also reported that the type of data encrypted the most was private cloud data (53 percent – which is higher than the global average of 48 percent), followed by SaaS and PCs, both at 30 percent, lower than the global average – 38 percent.

A 2022 report claimed that more than three quarters (76 percent) of cyber-victims paid the ransom to end an attack and recover data. Unfortunately, while 52 percent paid the ransom and were able to recover data, 24 percent paid the ransom but were still not able to recover data.

Hackney Council has revealed it has spent £12.2 million in the last financial year in the aftermath of its October 2020 ransomware attack.

Taking security measures

Nearly 3,000 IT professionals in SMBs across eight countries – including the UK – weighed in on the steps they are taking to protect themselves against threat actors. But despite this, only three in 10 SMBs stated that they have a best-in-class recovery plan in place. 

Chris McKie, VP of product marketing for security and networking solutions said many businesses are taking more steps to protect themselves against threat actors.

“Whether they’re investing in new security products or utilising multiple security frameworks, most SMBs realise the very real threat that ransomware poses for their business, and they’re doing what they can to keep themselves safe.”

Check out the lineup for the Think Cybersecurity for Government event.