Hackers are no longer just focusing on larger companies. According to Hiscox, small businesses that fell victim to a cyber-attack incurred losses ranging from £7,000 to an eye-watering £186,000 in a trend expected to continue throughout 2021. But what kind of costs make up these numbers?
While many companies report on the total cost of a cyber attack, these numbers can often end up looking overwhelming, particularly for small businesses. When a cyber attack hits your company, what are the expenses you need to budget for and to whom are you paying these costs? We’ve put together this breakdown to show you exactly how these costs add up using a business of 10 employees as an example.
This blog forms part of our small business cybersecurity series. Take a look at our 7 cybersecurity best practices for small businesses and get quick, actionable advice on how to begin protecting your business today.
Responding to the incident:
Most of the costs associated with a cyber attack come from dealing with the attack itself. These include business downtime (particularly if your business operates primarily online), consultants to advise on what to do next, and the expense of fixing any vulnerabilities as quickly as possible.
| Expense | Rate / people | Duration | Cost |
|---|---|---|---|
| Business Downtime | £600 Per Day | 5-21 Days | £3,000 – £12,600 |
| Employee time spent on dealing with incident | 1-3 People | 5-21 Days | £750 – £9,450 |
| Third-party network & scanning tools | | | £2,000 – £5,000 |
| Security consultants | 1 consultant | 1-2 days | £800 – £1,600 |
| Web developer or security expert to fix vulnerability | 1-2 people | 2-5 days | £1,600 – £5,000 |
| Legal fees to ensure GDPR requirements relating to data breaches are met | 1 consultant | 1 day | £3,200 |
Preventing further security incidents and data breaches
In addition to resolving the current security incident, business owners should prioritise preventing these types of security or data breaches from occurring again. Measures to prevent further breaches should include monitoring software that reports potential attacks at the earliest opportunity, and employee training to ensure staff are aware of the most common cyber threats and how to avoid them.
| Expense | Details | Cost |
|---|---|---|
| Network security | Router, firewall, switches | £900 – £2,000 |
| Backup solutions | £30 per user, per year | £30 – £300 |
| Anti-virus software | £300 per 10 devices per year | £300 |
| Staff training | Yearly employee training | £100 – £3,000 |
| Legal fees to ensure all legal data protection policies are in place | 12 necessary documents to be compliant | £4,800 – £9,600 |
Ransoms and GDPR Fines
With ransomware attacks becoming more prevalent, companies often find themselves paying ransoms to recover their encrypted data, especially if it includes sensitive information. If customer data is compromised, your company could also be liable for GDPR non-compliance fines. Wondering what to do if your company is hit with a ransomware attack? Take a look at our 5 step ransomware protection plan.
| Expense | Cost |
|---|---|
| Ransom fines | £1,000 – £25,000 |
| Fine to the ICO for GDPR non-compliance | £15,000 |
The total cost of a security attack
Even without the addition of ransomware and GDPR fines, the costs associated with a security breach could see the closure of several small and medium-sized businesses across the UK. As security breaches among SMEs increase, comprehensive and affordable solutions must become available to all companies.
Naq offers SMEs a one-stop cybersecurity and data compliance solution, including world-class cybersecurity, complete data compliance, staff training and security advice from as little as £99 per month. You can even try us for free today.