SMEs not prepared for cyberattack aftermath, says study
A recent study by PolicyBee has found that three-quarters of small and medium enterprises (SMEs) in the UK do not have the budget to handle the aftereffects of a cyberattack, and merely 19 per cent have created a budget to deal with the consequences of such an attack.
Sarah Adams, a cyber insurance specialist, said that SMEs must stop viewing hacking and cyberattacks as only IT-related problems. In fact, these attacks have an adverse effect on sales, business reputation, revenues and customer relations. A hacked business also can face legal consequences and regulatory fines.
UK-based SMEs should have a proper strategy in place to deal with cyberattacks. This means that businesses need to know how to manage an attack so that it causes minimal damage, added Ms Adams.
While most SMEs do try to get new software and hardware and hire an IT expert, they do not budget for the services of a legal expert, the cost of legal proceedings if a customer sues for loss of data or the hiring of a PR or social media expert to handle reputation damage.
PolicyBee’s study reveals that a third of SMEs are under the misconception that they will be able to pass on the costs of a cyberattack to their third-party IT support.
Ms Adams said that expecting a third party to bear the cost of a cyberattack is not the way forward. When a breach occurs, SMEs should focus on getting their business back to normal rather than trying to sue their IT security expert or service provider.
These enterprises need systems and procedures to counter the damage of a cyberattack. Most importantly, they should adjust their budgets to ensure that business continues as usual and that all associated IT issues reach a resolution.