When did you last review your IT security?

Startling figures from a survey into business IT security breaches show that small businesses are now experiencing incident levels previously only seen in larger organisations.

The 2013 Information Security Breaches Survey, undertaken by the Department for Business Innovation & Skills (BIS), found that 87% of small businesses (those with fewer than 50 staff) had experienced an IT security breach in the past year – up from 76% in 2012.

And the companies that had been affected experienced an average of 50% more breaches than a year ago. IT for business is vital, so it is worrying to hear that the cost of security breaches to UK businesses has roughly tripled over the past 12 months.

Steep increase in security breaches

The research highlights that small businesses need to be more robust than ever in protecting their IT security to minimise any risks. The figures show the worrying levels of security attacks experienced in the last year:

• 87% of small businesses across all sectors experienced a breach – costing up to 6% of their turnover
• 63% were attacked by an outsider (up from 41%)
• 23% were hit by denial-of-service attacks (up from 15%)
• 15% detected that outsiders had successfully penetrated their network (up from 7%)
• 9% know that outsiders have stolen their intellectual property or confidential data (up from 4%)

Help at hand

The problem has become so serious that the Government is extending its Innovation Vouchers scheme to allow SMEs to bid for up to £5,000, from a pot of £500,000, to improve their cyber security by using outside expertise.

BIS is also publishing guidance to help small businesses put IT security higher up the agenda and make it part of their normal business risk management procedures.

Minister for Universities and Science David Willetts says: “Keeping electronic information safe and secure is vital to a business’s bottom line. Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack. But there are simple steps that can be taken to prevent the majority of incidents.

“The package of support will help small businesses protect valuable assets like financial information, websites, equipment, software and intellectual property, driving growth and keeping UK businesses ahead in the global race.”

Mike Cherry, National Policy Chairman, Federation of Small Businesses adds: “Cyber security is an increasing risk for small and micro businesses and more and more, a barrier to growth. The FSB is very pleased to see the Government announce a package of measures including specific guidance for small firms, helping them take steps towards more effective cyber security. Information security should be part and parcel of good business practice. We need to cut through the jargon to give straightforward and practical advice, to help businesses put in place protections in their business.”

Preventable attacks

According to Government Communications Headquarters (GCHQ), it is estimated that 80% or more of currently successful attacks can be prevented by simple best practice. This could be steps as straightforward as ensuring staff do not open suspicious-looking emails or ensuring sensitive data is encrypted.

More than a third (36%) of the worst security breaches in the last year were caused by inadvertent human error – and a further 10% by deliberate staff misuse. This shows the importance of training staff and monitoring office IT use carefully.