Skip To The Main Content

Increase resilience against security threats and crime

Tackling the Growing Threat of Cyber-Crime

Tackling the Growing Threat of Cyber-Crime

Over the last couple of decades, the economy has shifted towards one that relies on a complex digital communications infrastructure. This offers tremendous opportunities for smaller businesses. The digital economy information age began with personal computing, mobile telephony, the internet and email. It has now moved even further with cloud computing, smart devices – such as tablets and smart phones – and social media. These innovations have helped businesses to reduce costs, increase their efficiency and widen their market reach. The nascent internet of things is going to generate opportunities even further.

However, these benefits have brought with them a wide range of risks for both smaller businesses and the wider economy, from large companies to digital communications infrastructure. In a highly interconnected economy, a risk for one is a risk for all.

The biggest risk comes from the threat of cyber criminality, a rapidly evolving threat that is in danger of becoming ubiquitous in the digital world. In fact, the costs and risks of cyber criminality are already increasing. Our research suggests that smaller businesses were the victims of around seven million cyber-crimes per year (in 2014 and 2015), with the average cost of cybercrime against small businesses amounting to £3,000. The total annual cost to small business was around £5.26 billion (over 2014 and 2015).

Smaller businesses often have limited financial, technical, and human resources at their disposal. As a result, most do not have access to the resources and knowledge to best develop their business’s cyber resilience. These constraints, along with technological and organisational vulnerabilities, mean that small businesses often cannot easily reduce their own exposure to cyber risks. Nor are they best placed to contribute significantly to the high level of resilience among the commercial supply chains in which they participate and the digital communication networks on which they rely.

Whilst the EU has attempted to strengthen its cybersecurity framework, it needs to act further to improve the cyber resilience of smaller businesses and to tackle the growing threats of cybercrime. This includes a greater sharing of the burden of cyber resilience across business (large – especially those providing the technological and economic infrastructure – and small), government, and individuals.

    FSB suggests:

  • Encouraging all the EU’s current and future trading partners to sign-up to the Budapest Convention on Cyber-Crime, the UN Convention Against Transnational Organised Crime, as well as a myriad of Mutual Legal Assistance Treaties between countries and law enforcement agencies.
  • That the EU’s Cyber Security Agency (ENISA) surveys and records the scale of cyber-crime against the business community more routinely, including as part of its annual review.
  • Requiring software providers, especially those operators providing cyber security software, to make automatic patching and updates the default option on all producers. Hardware suppliers should also have to adequate security features bundled with their products and a high default protection setting.
  • Improving the law enforcement response to cyber criminality in the longer term through effective coordination of Member States cybersecurity and crime agencies.

Strengthening Resilience Against 21st Century Terrorism

Strengthening Resilience Against 21st Century Terrorism

Small businesses are generally more vulnerable to significant commercial disruption from terrorist incidents than larger firms are. This is for the simple reason that larger businesses have more resources at their disposal to anticipate and plan for a wide range of potential risks and to absorb the impacts on revenues and business assets more easily.

Such disruption often has wider negative consequences for local economies as smaller businesses face a double whammy, suffering from both the initial disruption and hit again by the time taken to recover. In some cases, the return to normal can be more disruptive and financially detrimental to local and regional economies than the actual attack itself.

Recent attacks across Europe have seen areas closed down for a considerable period, which has resulted in an extended disruption to trading for many smaller firms. While the investigation into an attack is paramount, it is important that local communities are able to ‘keep calm and carry on’ as soon as possible. Where that is not possible, information for local businesses about when the disruption is likely to end needs to be disseminated effectively so they can plan accordingly.

In order to help reduce the short and longer-term negative impact of a terrorist incident on small businesses and local economies, small firms need to be able to plan ahead in order to be resilient in the face of any threat or attack that may come along. However, smaller firms generally struggle with resilience – be that a flood, fire, civil disturbance, failures in the supply of essential services, cybercrime or a terrorist attack.

The nature of small businesses mean that they are not able to invest in contingency planning and afford associated measures as extensively as larger firms. We want small businesses to continue to play its part in defying the current and ongoing terrorist threat. They play a central role in helping affected communities return to normality – as has been witnessed on many occasions recently, with small, family run businesses providing shelter, sustenance or support to both emergency services and their local community.

However, for smaller businesses to be able to continue in this role they need some additional support to help them be more resilient in the face of terrorism.

    FSB Suggests:

  • Launching an awareness raising campaign in the business community about the threat of terrorism and the importance of undertaking planning and preparation for such incidents.
  • Identifying best practice for supporting businesses in the aftermath of an attack.
  • Encouraging Member States to introduce a ‘flexibility clause’ requirement in supply contracts in regulated utilities such as financial services and energy, whereby it is possible for a business affected by a terrorism incident to delay a payment to help short-term cash flow.
  • Conducting an analysis of best practice across the Member States regarding re-insurance.