SMEs miscalculate the cost of cyber attacks on their business

UK SMEs yet to experience a cyber attack underestimate the financial impact by nearly £85,000 [1], new research from Sky Business finds. With over 73 million malware, phishing and bot attacks in the past year being blocked by Sky Business’ SecurityEdge [2], and with ransomware expected to rise in line with AI, UK SMEs cannot afford to be unprepared.

UK SME business decision-makers estimate they’d be forced to stop trading for an average of four days following a cyber attack. And of the businesses surveyed that had experienced a breach in the past, the economic loss of being offline for this time was estimated at £123,984. For SMEs that have not been victims of a cyber attack, they calculated the loss to be £39,633 – more than a substantial 68% lower.

With a difference of almost £85,000 (£84,351) it’s clear that SMEs who have avoided attacks to date are drastically underestimating the financial implications of malware, bots and phishing. In fact, a sixth (16%) of businesses surveyed don't think a cyber attack would cause their business to close.

The research also found a confidence disparity between smaller businesses and more established organisations. The longer a business has been running, the less likely they think a cyber attack would cause business closure. 25% of businesses which have been running for 20 years or more believe a cyber attack wouldn’t shut them down compared to just 11% of those 1-20 years old.

Further key findings include: 

• 21% of businesses yet to experience an attack don’t think they would have to close while 100% of those who have been victims said they would. 
• 8% of businesses who haven’t been victims think an offline period would last 8 days or longer compared to 24% of those who have experienced one before. 
• Microbusinesses (those with 1-9 employees) were more likely to underestimate the impact of a cyber attack on their business, with nearly a third (29%) saying an attack wouldn’t cause their business to close. Only one in ten (10%) of medium businesses (with 100-249 employees) said an attack wouldn’t cause business closure. 

Stacey Hill, Director of Sky Small Business Group at Sky Business comments: “The risk of cyber attacks is increasing for UK businesses. A fifth (18%) of SMEs we spoke to have already fallen victim, and research shows this figure will rapidly rise. With those previously attacked SMEs estimating average losses of nearly £31,000 for each day they are forced to close, cybersecurity must be at the top of the business agenda. A vigilant defence starts with secure connectivity, and small businesses must safeguard this to protect their revenue. Cybersecure connectivity should not be complicated. Easily accessible solutions that enable always on protection are crucial so SMEs can mitigate the risk of unauthorised threats.” 

One of the biggest causes of cybersecurity breaches is the use of public unsecured Wi-Fi connections, despite this being highly dangerous as cybercriminals can easily access any devices connected. When SMEs are using connectivity equipped with Sky Business’ SecurityEdge cyber protection, any device connected to their network will be protected. SecurityEdge offers small businesses advanced features with enterprise grade security, simplified specifically for their needs.  

For average SMEs, security solutions embedded within their connectivity offering can be a simple effective source of cyber protection.

[1] Research carried out by Censuswide which asked 353 SME decision makers (from companies with between 1-249 employees) between 12.04.2024 – 17.04.2024 about their experience of cyber attacks. Censuswide abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles. Censuswide is also a member of the British Polling Council.

[2] Sky Business data

For more information please contact:  

molly.treanor@sky.uk