Cyber attacks can be damaging for small firms as well as household names

David Prosser
Monday 07 December 2015 01:13
JD Wetherspoon have admitted that hackers had stolen data on more than 650,000 customers from the pub chain
JD Wetherspoon have admitted that hackers had stolen data on more than 650,000 customers from the pub chain

Another day, another cyber attack on a well-known British company. JD Wetherspoon said on Friday that hackers had stolen data on more than 650,000 customers from the pub chain. The detail is not yet clear, but the business will be aware of the damage these attacks can cause. TalkTalk thinks the attack on its systems last month could cost it as much as £35m.

The Wetherspoon attack, though at first sight less serious-looking, underlines how companies in any business – not just tech – are seen as targets by hackers. And nor is size a factor – small and medium-sized enterprises (SMEs) are just as likely to come under attack as big business.

However, SMEs are only just beginning recognise this danger. In a poll of more than 3,000 SMEs by Zurich Insurance in 15 countries, just 8 per cent said they saw cyber crime as the greatest risk facing their businesses, though this was twice as many who said the same in 2013 when the poll was last conducted. Most SMEs are far more focused on traditional business risk, such as fluctuating consumer demand and the threat posed by competitors – and one in six companies told Zurich they regarded themselves as too insignificant to be of interest to cyber criminals.

The Government’s Cyber Streetwise campaign this year found that two-thirds of British SMEs didn’t consider themselves vulnerable to attack. Only 16 per cent intended to prioritise improving their cyber security during 2015.

Cyber security experts argue that SMEs are actually more at risk, because hackers know they are less likely to have put defences in place – they may hold less data than larger companies, but getting at it is easier. Cyber Streetwise suggested that a staggering 33 per cent of smaller businesses have suffered a cyber attack from outside their business.

Risks include a business’s intellectual property being sold to a competitor and email addresses being sold to spammers.

The Government’s analysis suggests that a typical security breach at a small company costs the business £300,000 – enough to put many out of business. Many SMEs lack the in-house expertise to cope with an attack, so it takes them longer to resolve the problems caused – that may lead to extended interruption of trading. And reputational damage should be a consideration too.

Even in the absence of an attack, failing to take precautions can damage the business. The Government won’t allow any company that doesn’t have its Cyber Essentials accreditation to bid for work with it. Other public-sector organisations have followed that lead, while private sector businesses increasingly operate on a similar basis.

There is no excuse for failing to take cyber security seriously. Not least because the Government itself offers SMEs a wealth of free advice and services – the Cyber Streetwise campaign has been criticised in some quarters as lacking rigour, but businesses who use its tools and follow its advice will find they have a good first layer of protection on which to build.

The bottom line, says Neil Eames, development manager at the Federation of Small Business, is “that if you have an online presence, you are a target”.

Late payments are stopping businesses growing

More than one in 10 small businesses still have to wait more than 90 days to get their bills settled, research shows. Tungsten Network said that despite initiatives such as the Prompt Payment Code, 12 per cent of small businesses were waiting 90 days or more to get invoices paid – a quarter of those have to wait more than 120 days.

Rick Hurwitz, chief executive of the Tungsten Network, said late payments were preventing businesses investing. “Too many SMEs struggle to span the working capital gap between completing a job and getting paid,” he said. “After paying out their costs, they often have to wait too long for their customers to pay them – we know these extended payment terms are seriously impacting their ability to invest in growing their businesses.”

Philip King, chairman of the Prompt Payment Code Advisory Board, insisted that recent improvements to the code were helping, but warned that such initiatives needed greater profile. “What is vital is that the code is given greater visibility, publicity and support to encourage more people to engage when things go wrong, and to highlight the examples of good practice that are already prevalent,” he said. “The mechanism exists but it needs to be used more.”

Lending secured against assets is at a record high

Small and medium-sized enterprises in the UK and Ireland now have £20bn of lending secured against their assets, more than ever before, according to the Asset Based Finance Association (ABFA) – and twice as much as the £10bn of debt held by SMEs in the form of bank overdrafts.

Asset-based lending spans traditional debt arrangements such as borrowing against property and plant, but also includes alternative finance such as lending against invoice finance. The growing importance of these newer forms of debt provision have seen the sector grow to an all-time high.

“Businesses are keen to invest for growth and are looking to their existing assets to unlock the funding they need to achieve it,” said Jeff Longhurst, chief executive of the ABFA. “More and more businesses see unpaid invoices, plant and machinery as a potential source of finance rather than an impediment to cash flow.”

Small Business Person of the Week: Anthony Ward Thomas, Founder, Anthony Ward Thomas Removals

I founded the business in 1985 and it was originally just me and an old Bedford van – I carried on doing the physical part of the job for three or four years until we got so big that I needed to become a full-time manager. We’ve grown organically and now have 100 vehicles and annual revenues of £22m. We grew by mistake, really: I never wanted to be the king of removals, but I just never turned business away. Even through recession, we’ve continued to grow, because we’ve diversified into related businesses. We have a specialist equipment hire company, for example.

I’ve been fortunate, and I’ve become interested in trying to give something back. A few years ago I competed in a 1,000-mile race across Mongolia on horseback, which raised a good sum for charity, and I’ve done various other adventures on bikes.

The next challenge is to cross the Atlantic in a pedalo; it’s a slightly more sophisticated boat than you’d hire on the beach, but we’ll be crossing entirely using pedal power, which no one has done before, and setting off at the end of January.

We’ve raised £30,000, mostly without really trying, and I’d like to get that above £100,000. I’m raising money for Naomi House, a children’s hospice – it’s precisely because I’m lucky enough not to have sick children who need this kind of health that I wanted to support Naomi House, because you just realise how much you take for granted.”

See for details

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments