“SMEs reportedly not prepared for cyber-attacks” – More and more SMEs are subject to cyber-attacks and are worryingly not prepared for them

“SMEs reportedly not prepared for cyber-attacks” – More and more SMEs are subject to cyber-attacks and are worryingly not prepared for them

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Amongst all the ‘high-profile’ data breaches like Yahoo and TalkTalk, there isn’t a lot of media coverage surrounding small-medium sized enterprises (SMEs) and the data breaches they’re guilty of.

However, SMEs should remain vigilant as there is a rise in cyber-hacks in recent years, with cyber-criminals targeting small businesses just as much as the larger ones.

The legislation affects us all, so no one can hide from it – no matter your size!

Statistics of cyber-attacks against SMEs

According to a PwC study, cyber-thefts have increased by 56 per cent. There could be multiple factors as to why there has been such a sharp increase in recent years, but the major point is that it seems that no one is vigilant enough or ‘cybersecurity’ ready to fend off potential hacks.

Symantec, a ‘global leader in next-generation cybersecurity’, released figures that should be worrying to SMEs. They reported that almost half – to be exact, 43% – of cyber-attacks worldwide were conducted against small businesses with less than 250 employees.

So SME businesses need to be concerned.

Why are SMEs targeted?

It seems cyber-criminals may be targeting SMEs more and more. This could be because larger companies can sometimes be harder to attack as they sometimes have dedicated departments to deal with cybersecurity. The same cannot be said for SMEs who may not be able to afford 24/7 monitoring or have dedicated teams.

According to the World Economic Forum, cyber-crimes are listed as a top global risk. With that in mind, why are companies (specifically small ones) taking a relaxed attitude to cybersecurity and their data protection?

It’s reported that many small businesses have poor cybersecurity. They may lack protective safeguards such as anti-phishing email systems; a cybersecurity team; data encryption processes; and other measures that may be costly. It may be almost ironic that the companies being increasingly targeted are SMEs, yet they’re the ones without adequate cybersecurity protection.

A survey commissioned by Nationwide revealed that 8 in 10 SMEs lacked a cyber-attack response plan.

Easy targets?

There are a number of ways that SMEs are being subject to cyber-attacks. With a lack of adequate cybersecurity, cyber-criminals could break into businesses through easy tactics like phishing attacks. This is where cyber-criminals may seek to obtain sensitive information by masking themselves to be a trustworthy entity. Cyber-criminals often send out these malicious spam emails to SME employees pretending to be a bank, for example.

Another tactic that is used on SMEs is ransomware attacks. This is where cyber-criminals install malware on a computer which can then be locked down through encryption, with access and data only returned once a ransom has been paid. This happened to a Blackburn-based company, MNH Platinum, who had 12,000 of their files encrypted on the demand of a £3,000 payment, or all files would be destroyed.


The consequences of a cyber-attack can be very serious. It’s more than what is lost in the attack, it can also be a huge hit to the company’s pocket. The Information Commissioner’s Office can impose a fine of up to £500,000 for their breach of the Data Protection Act. What’s even worse for companies is the upcoming EU Data Protection Regulation, which can impose fines of up to 20 million EUR or 4 per cent of their annual revenue (whichever is greater), which is due to be enforced in 2018.

We of course agree that these new enforcement rules are good though.

Seven deadly data sins

David Prosser, an expert on SMEs, notes that SMEs are guilty of committing seven data sins:

  • Employees will abandon their printing job if the printer has jammed or run out of paper – consequently leaving sensitive documents around;
  • With hi-tech photocopiers, there are hard drives that keep all the images that it has photocopied in their lifetime. Cyber-criminals could access these hard drives once they’re taken out of their machines;
  • Without care, sensitive documents end up in an unsecure recycling bin;
  • USB drives;
  • Simply leaving documents lying around on your desk;
  • Unsecure storage units such as cabinets;
  • Office laptops and mobiles, which could be accessed in a public communal space.

SMEs: listen up!

In an event of a data breach, the price to pay for SMEs can be devastating for the business. Having to pay thousands or millions in fines could shut down a SME. In addition to this, their reputation is also under threat. These consequences should be enough for SMEs to pluck up its ideas to enhance their cybersecurity!

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon