The cost of cyber security breaches on small businesses

Nadia Kadhim

CEO of Naq & GDPR lawyer
18 Aug 2021
Hackers are no longer just focusing on larger companies. According to Hiscox, small businesses that fell victim to a cyber-attack incurred losses ranging from £7,000 to an eye-watering £186,000, in a trend expected to continue throughout 2021. But what kind of costs make up these numbers?

While many companies report on the total cost of a cyber attack, these numbers can often end up looking overwhelming, particularly for small businesses. When a cyber attack hits your company, what are the expenses you need to budget for and to whom are you paying these costs? We’ve put together this breakdown to show you exactly how these costs add up using a business of 10 employees as an example.

This blog forms part of our small business cybersecurity series. Take a look at our 7 cybersecurity best practices for small businesses and get quick, actionable advice on how to begin protecting your business today. 

Responding to the incident:

The majority of the costs associated with a cyber attack will be made up of dealing with the attack itself. These include any business downtime, particularly if your business operates primarily online, consultants to advise on what to do next and the expense of fixing any vulnerabilities as quickly as possible.

| Action | Resources | Time | Total Costs |
|---|---|---|---|
| Business Downtime | £600 Per Day | 5-21 Days | £3,000 – £12,600 |
| Employee time spent on dealing with incident | 1-3 People | 5-21 Days | £750 – £9,450 |
| Third-party network & scanning tools | | | £2,000 – £5,000 |
| Security consultants | 1 consultant | 1-2 days | £800 – £1,600 |
| Web developer or security expert to fix vulnerability | 1-2 people | 2-5 days | £1,600 – £5,000 |
| Legal fees to ensure GDPR requirements relating to data breaches are met | 1 consultant | 1 day | £3,200 |
| Total (Average) | | | £24,100 |

Preventing further security incidents and data breaches

In addition to resolving the current security incident, business owners should prioritise preventing these types of security or data breaches from occurring again in the future. Measures to prevent further breaches should include monitoring software to report potential attacks at the earliest instance and employee training to ensure staff are aware of the most common cyber threats and how to avoid them.

| Action | Resources | Total Costs |
|---|---|---|
| Network security | Router, firewall, switches | £900 – £2,000 |
| Backup solutions | £30 per user, per year | £30 – £300 |
| Anti-virus software | £300 per 10 devices per year | £300 |
| Staff training | Yearly employee training | £100 – £3,000 |
| Legal fees to ensure all legal data protection policies are in place | 12 necessary documents to be compliant | £4,800 – £9,600 |
| Total (Average) | | £9,165 |

Ransoms and GDPR Fines

With ransomware attacks becoming more prevalent, companies often find themselves paying ransoms to recover their encrypted data, especially if it includes sensitive information. If customer data is compromised, your company could also be liable for GDPR non-compliance fines. Wondering what to do if your company is hit with a ransomware attack? Take a look at our 5 step ransomware protection plan.

| Action | Total Costs |
|---|---|
| Ransom fines | £1,000 – £25,000 |
| Fine to the ICO for GDPR non-compliance | £15,000 |
| Total (Average) | £26,500 |

The total cost of a security attack

Even without the addition of ransomware and GDPR fines, the costs associated with a security breach could see the closure of several small and medium-sized businesses across the UK. As security breaches among SMEs increase, comprehensive and affordable solutions must become available to all companies.

Naq offers SMEs a one-stop cybersecurity and data compliance solution, including world-class cybersecurity, complete data compliance, staff training and security advice from as little as £99 per month. You can even try us for free today.
