Fail to prepare, prepare to fail
Small business (SMB) owners know the importance of being prepared. Predicting the future is hard at the best of times, so business owners need to prepare for the impact of events affecting business continuity on everything from reputation and cash-flow to productivity and profit. For example, managers will account for how a long-term sickness in the team or a sudden hike in supply cost can unbalance their books so contingency costs can be factored into budgets.
How can small businesses prepare for a cybersecurity incident?
While 60% of small businesses have been a victim of cybercrime, most won’t buy any small business cyber security products in the upcoming financial year. So, considering the multiple entry points that a business offers to hackers, why is the cost of a cyberattack not a priority for SMBs?
The answer may lie in the lack of resource in small business. While large organizations often have entire IT departments, start-ups and medium-sized businesses usually have other priorities – from cash flow to winning new business. So, when cash is tight, why fork out on cyber protection?
This article will answer that question.
By helping you to compare the cost of protection with the potential cost of a cyberattack, you will be armed with the knowledge you need to make the right decision for your business.
The cost of a security breach
Industry experts Cybersecurity Ventures have predicted that cybercrime will cost $6 trillion a year by 2021. This figure may sound alarming, but many SMBs fall victim to the idea that ‘we’re too small to be targeted’. The truth is that small business are targeted, and usually for the very reason that they are less protected than larger companies and therefore an easy target.
A survey conducted by the Federation of Small Businesses (FSB) in 2016 showed that, on average, a small business will be attacked four times every two years, costing them £3000 ($4,200).
Ransomware is an attack that holds sensitive data hostage until a payment is made – and it’s on the rise. By 2019, a business will fall victim to a ransomware attack every 14 seconds, compared to every 40 seconds in 2016. The average ransom asked for is about £3,000 per user ($4,200), and almost half the ransomware attacks in 2016 spread to at least 20 other users. If your company has 20 staff, that’s a hefty £60,000 you could be coughing up.
The cost of an attack to a business is not only immediate, it could have a long-term effect on your business. Do consumers or clients want their information to be held by a company that has had a data breach? According to the US Securities and Exchange Commission, six out of 10 small businesses close six months after a cyberattack.
Your employees also may have something to say. Hackers behind a phishing attack in early 2017 targeted businesses and requested employee’s personal tax information be sent to them. The attack was clever – and made to look like it was from an executive or official. More than 120,000 employee tax forms were handed over. Phishing attacks are the most common form of cyberattack, affecting half of small businesses.
The cost of antivirus for business
When money is tight, small business owners can’t be blamed for balking at the prospect of spending thousands a year on a security solution – after all, how often does an attack even happen to a small business? (answer: 52% of small businesses suffered a cyberattack in 2017).
However, most cybersecurity companies offer products specifically developed for small businesses, alongside their consumer and big business products. Consumer versions are consistently priced per device, no matter how many you buy, whereas small business antivirus packages offer cost effective scaling options for cheaper buying in bulk.
Business protection ranges in price depending on the features and quality of the antivirus software. For example, you can expect to pay about £30-£40 ($42-$56) per year for business antivirus protection on one computer. The cost per computer then reduces to around £20 per device as you scale to cover more PCs. So, if you have a business with eight computers, you can expect to pay about £160 ($222) per year. In contrast, buying premium consumer licenses would cost upwards of £550 ($763.)
Most standard licenses last between one and three years and the best antivirus usually includes internet security, a firewall and remote management. Basic offerings may be advertised for free, but always check the features included in the free version as this is unlikely to offer the level of protection necessary to fully protect your business.
Cost of antivirus protection vs cost of a cyberattack
Reading all these facts and stats can be overwhelming, especially for a small business owner simply wanting to ‘do the right thing.’ So, to make the information easier to digest, here’s a side by side comparison.
A colleague receives an email with a link which, when clicked, downloads a virus that impersonates email accounts of the staff in your business. Over the next few weeks, unbeknownst to you, the hacker responsible for the virus siphons information that allows them to access your business bank accounts and customer database.
Over the next week, the criminals steal almost £400,000 from your account (similar to the case of construction firm PATCO, who lost $545,000 and were reimbursed less than half of this by the bank) and corrupt your customer database (as happens in a fifth of cases.)
When you discover the attack, you must stop operating immediately to investigate the incident and check for further breaches. The loss in revenue is about £30,000.
After the attack, the team works extra hours contacting customers to explain the situation and ensure the details stored on them are correct. This costs the business about £5,000 in additional working hours and other admin costs. At the same time, a potentially lucrative business client pulls out as they are concerned about their data being compromised. You lose £6,800 from the collapse of this deal.
Total cost to your business: £441,800 ($616,824.)
You buy antivirus protection for your business’ 11 computers for the next five years.
Total cost to your business: £1,650 ($2,317)
Antivirus is an annual cost that’s probably less than you think, and one that you can easily account for in your yearly budget planning. An attack may never happen to you – but cybercrime is on the rise, and if you are attacked, could you easily recover? How many customers might you lose after an attack before you can no longer balance your books? How important to you is continuity of service?
There is no simple answer when it comes to weighing up decisions around business spending, but from what you’ve learned here, you should be feeling more empowered and more informed.
If you’re interested in learning more about security solutions for small business, you can compare our solutions here.