One third of small businesses believe it's just a matter of time before they are affected by a cyber attack and yet most SMEs don't have a recovery plan.
PolicyBee polled 500 UK SMEs and found that one in three says that a cyber attack on their business is a matter of "when" not "if".
However, the research found that:
- 74% have not put any budget aside to deal with an attack;
- 43% have no plans and will respond only when it happens;
- Just 14% of all SMEs have a tested plan that covers all bases.
Cyber insurance expert Sarah Adams said: "Large corporates … know exactly what to do in the event of a cyber attack. However, small businesses seem to be chancing their luck and despite expecting to be hacked, aren't preparing to be prepared."
The findings show that younger respondents are more aware of potential cyber risks - just 22% of 18-34 year olds think a cyber-attack is unlikely, compared to 41% of 35-54 year olds and 56% of 55+ year olds.
Sole traders believe they are least at risk from a cyber attack: 71% say it is unlikely, compared to 32% of businesses with 10-49 employees.
"The difference between a large and small company is that at least in the short term, no single individual will lose their income in a big business - but in a small business, their day to day livelihood could be altered dramatically within a scarily short space of time," said Adams.
"It's not … that all SME owner-managers are burying their heads in the sand … It's more that these busy owner-managers haven't prioritised any time to deal with the aftermath of an attack … we need to make cyber recovery part of the general discussion now too."
Also this week, a report by Advanced has found that fears about cyber attacks have not dented plans by businesses to use cloud services. It found that while most organisations are concerned about security (82%) and data protection (68%) in the cloud, 80% of them still plan to adopt more cloud technologies.
"It's encouraging to see businesses are undeterred from using the cloud," said Jon Wrennall, cto at Advanced. But he warned: "It's right to be concerned about security; it's time that all of us as cloud services providers take a reality check. There's still a job to be done in creating trust in the cloud."