FSB News Release
PR 2013 25
Embargoed to 00:01 Tuesday 21 May 2013
Small firms lose up to £800 million to cyber crime, says FSB
In a new report, Cyber security and fraud: the impact on small businesses, the FSB has partnered with the Home Office and the Business Department to look at issues affecting small firms
New research from the Federation of Small Businesses (FSB) shows that cyber crime costs its members around £785 million per year as they fall victim to fraud and online crime.
The report shows that 41 per cent of FSB members have been a victim of cyber crime in the last 12 months, putting the average cost at around £4,000 per business. Around three in 10 members have been a victim of fraud, typically by a customer or client (13%) or through ‘card not present' fraud (10%).
For the first time, the FSB has looked at the impact that online crime has on a business. The most common threat to businesses is virus infections, which 20 per cent of respondents said they have fallen victim to; eight per cent have been a victim of hacking and five per cent suffering security breaches.
The FSB is concerned that the cost to the wider economy could be even greater as small firms refuse to trade online believing the security framework does not give them adequate protection. Indeed, previous FSB research shows that only a third of businesses with their own website use it for sales.
The report finds that almost 20 per cent of members have not taken any steps to protect themselves from a cyber crime. However, 36 per cent of respondents say they regularly install security patches to protect themselves from fraud and almost six in 10 members regularly update their virus scanning software to minimise their exposure to online crime.
In response to this, the FSB has developed 10 top tips for small firms to make sure they stay safe online.
Launching the report at an event in London today, Mike Cherry, National Policy Chairman, Federation of Small Businesses, said:
"Cyber crime poses a real and growing threat for small firms and it isn't something that should be ignored. Many businesses will be taking steps to protect themselves but the cost of crime can act as a barrier to growth. For example, many businesses will not embrace new technology as they fear the repercussions and do not believe they will get adequate protection from crime. While we want to see clear action from the Government and the wider public sector, there are clear actions that businesses can take to help themselves.
"I encourage small firms to look at the 10 top tips we have developed to make sure they are doing all they can. We want to see the Government look at how it can simplify and streamline its guidance targeted specifically at small firms and make sure there is the capacity for businesses to report when they have been a victim of fraud or online crime."
James Brokenshire, MP Parliamentary Under Secretary for Security, Home Office, said:
"Having personally been involved in the cyber security debate for several years now, I am pleased that the Home Office is working with the FSB to highlight the current experiences of small businesses.
"Cyber security is a crucial part of the Government's National Cyber Security Strategy and we need to make sure that all businesses, large and small are engaged in implementing appropriate prevention measures in their business. This report will help give a greater understanding of how online security and fraud issues affect small businesses, giving guidance as well as valuable top
tips to protect their business."
David Willetts, MP Minister for Universities and Science, Department for Business, Innovation and Skills
"The Department for Business, Innovation and Skills (BIS) published guidance in April 2013, ‘Small businesses: what you need to know about cyber security', based on our comprehensive ‘10 Steps to Cyber Security' guidance. This guidance sets out the current risks, how to manage these, and plan implementation of appropriate security measures.
"We know only too well of the importance of securing buy-in from both big and small business in implementing appropriate protection against cyber risks - business success can depend on it. Increasing security drives growth.
"I support all efforts, like the FSB's, to provide clarity on the issues small businesses are facing, and more importantly, what they can do about them. I urge all small businesses to follow the FSB's advice."
Notes to editors
1. The FSB is the UK's leading business organisation with around 200,000 members. It exists to protect and promote the interests of the UK's Real-Life Entrepreneurs, and all those who run their own business. More information is available at www.fsb.org.uk
2. The 10 top tips for business are:
• Implement a combination of security protection solutions (anti-virus, anti-spam, firewall(s))
• Carry out regular security updates on all software and devices
• Implement a resilient password policy (min eight characters, change regularly)
• Secure your wireless network
• Implement clear and concise procedures for email, internet and mobile devices
• Tran staff in good security practices and consider employee background checks
• Implement and test backup plans, information disposal and disaster recovery procedures
• Carry out regular security risk assessments to identify important information and systems
• Carry out regular security testing on the business website
• Check provider credentials and contracts when using cloud services
3. The report makes recommendations for businesses, the police, banks as well as the public and private sector:
• Seek out ways to protect your business from fraud and online crime using the FSB's ‘Top 10 Tips', BIS guidance and resources available through Action Fraud and GetSafeOnline
• Report fraud to Action Fraud www.actionfraud.police.uk
if it occurs and contribute to a more complete intelligence picture
• Launch a national advertising campaign to build awareness of the Action Fraud reporting facility
• Make the Action Fraud website the main port of call for small business advice on prevention of online crime and fraud, effectively cross referencing to GetSafeOnline
Banks and card payment providers
• Make businesses aware of the importance of online security and the risks of fraud and the need to take preventative measures before they start trading
• Be more upfront with businesses about the risk of card not present fraud, making the message that ‘authorisation doesn't guarantee payment' clear when businesses initially sign up for payment systems
• Streamline and simplify the PCI-DSS self assessment and compliance forms so they are more responsive to the needs of small and micro businesses
Police forces and Police Crime Commissioners
• Fully back and implement signposting to Action Fraud linking up effectively to give good advice and signposting to businesses at a local level
• Manage business expectations around the police response to fraud and online crime by highlighting the benefits of reporting in terms of feeding into a wider intelligence picture
• Inform businesses what the police do not have the capacity to deal with so they can take preventative measures to help themselves more
Private sector partnership
• Encourage the use of regional networks, such as the Regional Fraud and business crime forums, including the National Business Crime Forum, to promote consistent and concise advice on prevention to small businesses
4. The research is based on a survey of 2,667 members of the FSB ‘Voice of Small Business' Survey Panel. The research took place between 20 September and 3 October 2012. The survey was conducted by Research by Design on behalf of the FSB. To find out more visit www.fsb.org.uk/fsb-survey-panel
5. The average cost to each business of cyber crime is £3,926. Multiplied by 200,000 FSB members this equals £785,200,000.
6. Case studies are available. Please contact the FSB press office for more details.
Spokespeople are available for media interviews