Cyber attacks - how vulnerable are SMEs?

Home / Bulletins / Cyber attacks - how vulnerable are SMEs?

With the introduction of GDPR in May 2018 business will have to report data breaches to the ICO within 72 hours after detection and could possibly face a fine, these could be as high as 4% of your turnover.

A Survey by Zurich Insurance has established that only 28% of SME owners can currently guarantee that they could continue following a fine of this magnitude.

Breaches of GDPR become more prevalent when you consider that over 75% of SME's will have experienced a phishing, Cyber attacks are therefore a real threat with considerable impact on finances.

Almost every type and size of business today is reliant on data.

While all businesses will understand that some of the data they hold - such as employee payroll details, or customer addresses and passwords - could be susceptible to attack by cyber criminals, there can be a perception that SMEs are less vulnerable than larger firms.

The reality is that small businesses' data are being targeted - it's just that these attacks are not as widely reported.

The introduction of GDPR in May 2018 will mean that businesses will have to report a data breach to the Information Commissioner's Office within 72 hours after detection and could possibly face a fine.

A recent Zurich SME Risk Index found that one in six SMEs had suffered a cyber attack during the previous 12 months..

What kind of data breaches should SMEs be aware of?

In order to help businesses understand how well prepared they would be for a potential data breach, consider the following scenarios:

1. A business owner switches on their computer and finds all their data has been erased as a result of a system failure or malicious attack

Their first response would likely be 'when and where did I last back up this data?' In an ideal scenario, they would be able to recover it quickly and easily. However, what if the person responsible for creating back-ups had failed to do so, or worse still, what if these back-ups had been stolen or corrupted?

Would they have the in-house IT expertise to locate and recover the lost data? How much time would it take staff to try to trace and recover this data, and what impact could this have on their operations?

2. A cyber-attack compromises their IT systems.

How easy would it be to detect the source of the attack, and identify what data had been compromised? How easy would it be to prevent the breach spreading? How much time would it take to alert all those whose data had been breached? How would it impact the business' reputation?

3. A business suspects an employee of stealing confidential information.

How would a business respond if they had reasonable grounds to believe that someone within their organisation was involved in criminal activity by either stealing or leaking confidential information, such as customer details, plans, specifications, drawings or accounts?


In any of the scenarios, would the business know how to obtain and preserve the evidence required to initiate disciplinary proceedings, or potentially to support a criminal prosecution, in a way that would be legally admissible?

For more information, please speak with Paul Masters on 0121 631 8903 or email

Source of article Zurich insider article posted on 13th March 2018

Latest Bulletin
Contact Us
Dunsby Associates Insurance Brokers Limited
4th Floor
New Oxford House
16 Waterloo Street
B2 5UG
0121 631 3051 0121 665 6280