Cyberattacks costing UK small businesses close to £1 billion a year as experts issue stark warning
Bosses running their own companies are being warned to stay vigilant and strengthen their defences
Cyberattacks are costing UK small businesses close to £1billion a year, LBC can reveal - as experts warn of the increasing online threat faced by independent firms.
Listen to this article
Figures shared exclusively with LBC reveal that more than £921.2million is lost to online criminals every year, with the National Cyber Security Centre warning the business sector to strengthen its defences in order to survive.
Experts have warned that criminals are "taking advantage" of companies moving their trade online, causing "devastating" consequences amid a surge in online attacks.
Data released by money.co.uk listed law, consultancy, and research firms as the worst affected, who lose an estimated £152.3 million annually to cybercrime.
Read more: Online safety ‘getting worse’, warns former UK cyber security agency boss
Experts blame this on their handling of sensitive client data and proprietary research, which make them high-value targets for phishing attacks.
Second on the list are the administration and real estate sectors, who lose just under £126million.
Joe Phelan, business bank accounts expert at money.co.uk, said: "The reality is that the threat to small businesses has been building for some time.
"Many smaller firms still think they're too small to be targeted, and that false sense of security can make them more vulnerable.
"Most simply don't have the same level of protection, staff, or expertise as larger organisations, so even a single breach can be incredibly harmful."
Over two-fifths (43 per cent) of surveyed businesses reported a cyber breach in the last 12 months, while Government data shows that 85% of all reported crimes involved phishing attacks.
Professional, scientific, or technical firms (55 per cent) and administration, real estate, finance, and utilities (all at 48%) also reported high rates of cybercrime.
Mr Phelan said: "There has been a clear rise in cyber attacks. As businesses move more of their operations online, their data becomes more valuable and, for hackers, more accessible, and criminals are taking advantage.
"Ransomware attacks that once focused on big corporations are now hitting small firms too, because they often lack the resources or protection to fend them off.
"It's difficult to single out cybercrime as the biggest threat to small businesses, but it's certainly one of the most damaging.
"Rising costs mean many small firms can't afford the tools or training to stay protected, and they often have to prioritise more immediate concerns like energy bills, rent, or payroll.
"That can leave them exposed, not because they don't care about cybersecurity, but because they simply don’t have the resources to do everything.
"We've seen sectors lose over £150million to cyberattacks in the span of just 12 months, with hundreds of thousands of small and micro businesses affected. For many, a serious breach has the potential to be devastating."
According to a study by the Federation of Small Businesses, 72 per cent (3.69mil) of small businesses in England and Wales experienced some form of cybercrime in the past two years.
Offering advice to business owners, Mr Phelan said: “No business is too small to be a target, so the most important thing is not to assume it won't happen to you.
"The priority should be to build good habits into everyday operations.
"Things like regular software updates, strong passwords, and basic staff training to spot suspicious emails or links, even small steps can make a big difference.
"It's also worth thinking about how your business would cope if you were hit, for example, by setting aside a financial buffer in a savings account or using a bank account with strong fraud protections.
"The goal isn't to eliminate all risk - that’s impossible, but to do all you can to ensure that a single attack doesn’t bring your business to a halt.
"The UK is currently one of the most targeted countries in Europe and cybercriminals are constantly evolving their tactics.
"If businesses don't stay on top of basic protections - like software updates, strong passwords, and staff awareness - there's every reason to expect these figures could keep rising.
"Being proactive is essential. Organisations that plan and take practical steps to reduce their exposure will be far better positioned to weather the risks."
A Government spokesperson told LBC: "Every business should prioritise cyber security to boost protections for their workers, customers, and bottom lines.
"Ministers recently wrote to businesses to set out the simple steps they can take to bolster their cyber security, and free advice from programmes like Cyber Essentials and the Cyber Governance Code of Practice also helps ensure firms can protect themselves from cyber attacks and deal with their disruption.
"Earlier this month we also introduced the Cyber Security and Resilience Bill, which will ensure our economy is better protected than ever – securing the most important digital services and suppliers that businesses and public services rely on."