Arrow back

Small business cybersecurity training: Is it worth investing in?

11 February, 2021

We're lucky enough to speak to hundreds of organisations every single month, and often hear the same question asked: 'Is small business cybersecurity training worth it?'

Whilst cybersecurity attacks might seem like a big business problem, the reality for small organisations is stark.

19 seconds from now a small business in the UK will be hacked. Around 65,000 hacks are attempted on small businesses every day in the UK, with around 4,500 being successful. That's around a 7% success rate.

So, is small business cybersecurity worth investing in? Of course it is. The way we see it, if your organisation depends on technology to operate, cybersecurity training is as vital to your operation as a shutter is to a newsagent.

Don't believe us? Join us as we share the stats behind small business cyber attacks, the reasons small businesses are targeted, and how you can protect yourself.

What do the stats say about small business cyber attacks?

Small and medium-sized businesses are primary targets for cyber-attacks. Here are some recent statistics to paint a picture:

  • 40% of small businesses in the UK experience a cyber-attack each year (Statista)
  • Every 19 seconds a small business is hacked (Hiscox)
  • Every 14 seconds an SMB is victim to a ransomware attack (Herjavec Group)
  • 45% of employees receive no cybersecurity training (Kaspersky)
  • 71% of customers would take their business elsewhere after a data breach (Allianz)
  • 27% of malware incidents can be attributed to ransomware (Verizon)
  • 60% of SMBs that suffer a cyber-attack go out of business within 6 months (com)

These numbers paint a stark picture: SMBs are primary targets for cybercriminals and the consequences for these businesses can be devastating.

The most shocking stat of all though? A stunning 45% of employees receive no cybersecurity training at all. This has to change. Without cybersecurity training, employees cannot be expected  to protect themselves and the company against cyber-attacks.

Why are SMBs targeted?

SMBs are primary targets for cyber-attacks because they tend to have less security than larger enterprises, and in some cases, no security at all. Low security gives cybercriminals an easy payday. It’s easier to go after smaller fish than develop complex attacks to expose the big fish.

Another reason SMBs are targeted is that they often lack the ability to respond to attacks in real-time. SMBs are often slow to react to attacks, if they react at all, which gives hackers more time get in and out with whatever they are trying to steal.

SMBs are also guilty of not investing in cybersecurity training for employees. Over 90% of successful cybersecurity attacks can be traced back to human error. As such, training is important because it equips employees with the knowledge to recognise threats, prevent cyber-related incidents and respond to potential threats.

What impact could an attack have?

Cyber-attacks can result in financial losses from theft of information, financial losses from disruption to doing business, lost customers, costs from cleaning systems, costs from downtime, costs from fines if personal data is lost, damage to your reputation, damage to other companies and damage to your customers.

What is directly at risk?

When we talk about cybersecurity it can be difficult to imagine what is directly at risk and how it could affect your organisation.

Here’s what’s at risk:

Your money

Your money is at risk in several ways. Hackers could empty your bank account, steal cryptocurrency, intercept payments and raise false invoices. They could disrupt your service, interrupt subscriptions, and delete payment data.

Your IT-based services

In 2020, 43% of online security breaches were from attacks on web applications, more than double the results from last year (Verizon). The disruption caused by hackers to IT-based services can destroy a brand and business overnight.

Your data

Data takes many forms. It includes bank information, client lists, customer databases, emails, financial reports, deals you are making, pricing information, patents, manufacturing data, stock and inventory lists and much more.

What can your organisation do?

Invest in cybersecurity training

By taking steps to deploy cybersecurity training in your organisation, you can reduce your risk of breach by up-to 74%. Bob’s Business offers unique, jargon-free NCSC certified cybersecurity training solutions for organisations of all sizes.

Encrypt data

Use encryption on all devices that hold and receive data. This will ensure that sensitive data is useless without decoding.

Secure your computers

Your computers should have anti-malware software and two-factor authentication. You can also restrict access to certain websites and restrict downloads.

Secure your networks

Secure your network with a firewall, proxies, access control, antivirus software and a high-quality VPN. Enable two-factor authentication for admin access.

Monitor your systems  

Collect activity logs and monitor your IT systems. You can use performance monitoring solutions and network monitoring software to identify unauthorised or malicious activity.

Implement identity and access management

Identity and access management facilitates a secure and effective remote workforce and ensures devices can only be accessed by authorised people.

With our award-winning range of small business cybersecurity courses, you can start taking cybersecurity seriously in a fun, pragmatic way. Get in touch with us to discover how we can help your organisation become much more secure.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance