Coalition’s latest cybersecurity report highlights a disparity between awareness of cyber threats and the actual investment of time and resources into cybersecurity programmes.
According to the study, small businesses broadly acknowledge the growing risk of cyberattacks but often do not consider themselves likely targets or adequately prepare for potential incidents.
Among the UK-specific findings, 86% of small business leaders reported being very or somewhat concerned about cyber threats in the next 12 months, close to the 87% reported globally. Similarly, 83% said they believed their cyber risk had increased over the past year, matching global results.
However, despite these concerns, 61% of UK respondents said they believe they are too small to be considered viable targets for cyberattacks. This figure compares to 64% globally. At the same time, 77% of UK small businesses experienced at least one cyberattack in the past five years, versus 79% globally.
The study also found that 53% of UK respondents spend 10 hours or less per week on cybersecurity tasks, compared to 59% globally. In terms of budget, 63% of UK businesses allocate 10% or less of their total budget to cybersecurity, slightly below the global figure of 74%.
Tom Draper, managing director of Coalition UK, said UK-based small businesses reported a comparatively higher level of investment in cybersecurity programmes than their global peers.
“This reflects the UK approach to risk management, which is to quantify and then mitigate as priorities, with risk transfer a subsequent discussion. This should give UK insurance brokers comfort in talking to UK firms about cyber risk,” Draper said.
The potential cost implications of these cybersecurity gaps are significant. According to analysis by Howden, UK businesses could reduce cyber-related losses by up to 75% through the adoption of basic cybersecurity measures. The firm estimates that improved cyber hygiene could have saved around £30 billion between 2019 and 2024.
Coalition’s own claims data supports this shift in emphasis. While ransomware remains among the costliest types of cyber incident, the most common claims in the past year stemmed from business email compromise (BEC) and funds transfer fraud.