For small businesses looking to gain more customers, building trust and credibility, and maintaining it, is a large part of day-to-day strategy. Trust and reputation is the foundation for both new and long term business relationships with customers, investors and supply chain alike.
Over the pandemic, small businesses have had to revolutionise the way they do business to accommodate their staff working remotely and taking their services online. Consequently, many businesses now rely on online technology for almost every aspect of working life and this naturally brings increased cyber risk. Understanding risk management in the face of cyber threat is essential to building resilience and a necessary step to being seen as serious and trustworthy.
Likelihood of a cyber attack
Many small businesses do not see their business or their data as a target, yet they are still at risk of being attacked. Most cyber attacks are not carried out by criminal masterminds, nor are they targeted at any one in particular, instead, unskilled criminals are able to access freely available tools and randomly attack many thousands of businesses or individuals in one go.
95% of cyber-crime is indiscriminate and opportunistic
According to the figures from the Government’s 2021 Cyber Security Breaches, two in five businesses and a quarter of charities report having cyber security breaches or attacks in the last 12 months.
Some of the most publicised attacks have been as a result of a breach in the business’ supply chain, so even if a business has some basics in place, cyber criminals can find their way into a network by using the weakest link in the chain. Business to business assurance is now vital to winning new business within a supply chain, and more and more contracts are mandating cyber security.
Cost of a cyber attack
According to the Hiscox Small Business Guide to Cyber Attacks 2020, the average mean cost of a cyber security breach for a small business in 2019 was £11,000. This figure includes the cost of business interruption as well as hardware replacement costs.
It is reported that one in six firms who suffered a cyber-attack in the past year said they almost went under. This indicates that even a simple cyber breach can seriously inhibit an organisation’s ability to keep operating. Many small businesses pay the ultimate cost and never recover.
Reputational damage
A cyber attack could mean anything from a virus affecting how a computer operates to loss of access to all data in a ransomware attack. The worst case for most businesses would be the theft of customer personal data which would not only result in an investigation and possible fine by the ICO, but the loss of reputation and trust. Reputational damage can have a long term impact on a company, effecting not only the number of clients, but also the relationship with its suppliers and the quality of its partnerships.
With Cyber Essentials certification, a small business can take control of its cyber risk and show responsibility towards its customers, supply chain and the information it is trusted with. The preparation and process of getting certified to Cyber Essentials will give an organisation a clear picture of their cyber security and an opportunity to improve.
By certifying annually to an evolving Government approved scheme, small steps that are inexpensive and simple can become embedded into an organisation’s every day working practises and this will develop a security conscious culture.
90% of all cyber attacks start with a phishing email (a fraudulent email sent by cybercriminals that mimics a legitimate communication from a trusted source). These untargeted attacks exploit basic weaknesses that can be found in many organisations such as staff using administrative accounts for day to day tasks and not setting up two-factor authentication for online accounts. Cyber Essentials consists of five controls that will reduce the impact of common cyber-attack approaches by up to 80% and could reduce potentially large-scale damage from one phishing email. 50% of UK organisations said that cyber security is now baked into every business decision.
Customer knowledge and awareness
In the DMA Understanding Consumers Attitudes to Data and Privacy 2020 survey, the ways in which security and data breaches are reported by the media has begun to strongly impact people’s understanding of the value of their data and the necessary responsibilities expected by an organisation. The same survey shows that fears of data hacking has become the biggest cause of distrust among people towards organisations.
In line with the digital transformation of nearly every customer-business relationship, the public are now more empowered to choose where they put their trust. Organisations need to show that they are taking cyber security seriously and Cyber Essentials certification gives them a clear and affordable way to prove that they have their house in order.
As many small business owners spin a lot of plates at the same time, cyber security can tend to become something that is over-looked. Getting certified with Cyber Essentials will give many small businesses the added qualities of resilience and trustworthiness over their competitors. It will help them to win new business and remain strong in the face of risk.
If you are a small business or charity and are ready to certify to Cyber Essentials, you can apply for the Cyber Essentials assessment via the IASME website here. You can also take a look at the assessment questions on the IASME website for free.
If you are not yet ready to certify to Cyber Essentials, but would like to get started on your journey, work your way through the free online Cyber Essential Readiness tool. The process will help you gauge your current understanding and level of cyber security and give you tailored advice and guidance to help you prepare for certification.