UK small businesses are up to 20 times more likely to suffer damaging data breaches than their larger counterparts, according to new data from Terbium Labs.
The dark web intelligence firm crawls the non-indexed web searching for customers’ data, and in so doing identifies when sensitive information has been stolen and put up for sale.
It found 5-20 times the number of breaches coming from smaller firms, although they are often not publicized because of the lower profile of these organizations, the vendor claimed.
“Smaller companies make easier targets because they don't have the resources to effectively defend themselves. Most attacks are automated, so it makes little difference to an attacker if they steal 1,000 personal data records from 100 smaller companies, or if they steal 100,000 personal data records from one company,” explained Terbium Labs CEO, Danny Rogers.
“UK small and medium sized businesses just don't have the volume to absorb a big data breach event, and it can cause so much damage that entire businesses can be destroyed. At the same time, these organizations have far fewer resources, not to mention much more limited data sets, to combat the problem. Currently, they’re sitting ducks.”
Nearly half (47%) of small businesses have experienced a breach or cyber-attack in the past 12 months, according to government data released in April — roughly the same as last year’s figures.
Although spending on cybersecurity is higher as a percentage of total spend than other sized companies (33%), just 31% of micro-businesses and 39% of small firms said they have dedicated staff to deal with attacks, according to the government. This is versus 62% of medium and 76% of large businesses.
What’s more, just 39% of small businesses have formal security policies in place, versus 59% of medium and 74% of large firms.
According to the Federation of Small Businesses (FSB), UK small businesses suffer as many as seven million cyber-crimes every year, at a cost of nearly £5.3bn annually.