Almost 50% of UK small to medium enterprises plan to spend £1,000 or less on cyber security in the next year and 22% do not know how much they will spend, insurance firm Zurich has found.
Businesses in London are the worst affected, with almost a quarter (23%) reporting suffering a breach within this period.
Of businesses that were affected, more than one fifth (21%) said it cost them more than £10,000 and one in 10 (11%) said it cost more than £50,000.
Yet despite the volume of attacks and potential losses, the survey of more than 1,000 UK SMEs showed that business leaders are not committing to investing significantly in cyber security in the year ahead.
The survey, by YouGov on behalf of Zurich, found that 49% of SMEs admitted they plan to spend £1,000 or less on their cyber defences in the next 12 months, and almost a quarter (22%) do not know how much they will spend.
The lack of planned investment in cyber defences is also surprising in the light of the fact that business leaders report that strong cyber security is giving them an opportunity to stand out from competitors, with as many as one in 20 claiming to have gained an advantage over a competitor because of stronger cyber security credentials.
This trend is confirmed by a separate survey of SMEs by security e-learning firm CybSafe, which showed that half of SMEs polled have had cyber security conditions included in contracts with enterprise customers in the past five years, and one-third of respondents said they have had their cyber security measures questioned as part of winning contracts in the past year.
Also, 44% said they have been required to hold a recognised cyber security standard, such as ISO 27001, by their enterprise customers in the past five years and 28% in the past year alone, demonstrating a clear trend in enterprise approach to supplier information security.
“While recent cyber attacks have highlighted the importance of cyber security for some of the world’s biggest companies, it is important to remember that small and medium-sized businesses need to protect themselves too,” said Paul Tombs, head of SME proposition at Zurich.
“The survey results suggest that SMEs are not yet heeding the warnings provided by large attacks on global businesses.”
However, Tombs said that although the rate of attacks on SMEs is troubling, it also shows there is an opportunity for businesses with the correct safeguards and procedures in place to use this as a strength and gain an advantage.
In September 2016, a report by Juniper Research revealed that 74% of UK SMEs believed they were safe from cyber attack, despite half of them admitting having suffered a data breach.
The report showed that 86% of the SMEs surveyed thought they were doing enough to counter the effects of cyber attacks, and 27% believed they were safe from attack because they were small and of no interest to cyber criminals.