No matter how big the business, no organisation is too small to be a target for cyber criminals. This year 74% of small businesses in the UK reported having suffered a security breach. From the loss of Intellectual Property, reputational damage, to impacting the bottom line, the aftermath of cyber attacks can go so far as to spell the end for some businesses.

While some businesses have woken up to the insurmountable threat of cyber crime, some of the breaches this year demonstrated that many companies still aren’t doing enough to reduce the risk of a compromise.

Programmes like the government’s Cyber Essentials scheme have helped drive this increased consciousness, and large and small businesses alike now believe that security is either a high or very high priority to their senior management (76% and 82% respectively).

Whereas many large businesses have responded to this challenge by employing Chief Information Security Officers (CISOs) or by purchasing advanced integrated security solutions, for small and medium sized enterprises (SMEs), throwing money at the problem just isn’t an option.

This has left many bemused as to the most effective way to spend their cyber security budget and for many small businesses it’s asking ‘how’ and ‘how much’ that dominates the conversation.

It’s not him or me, it’s all of us

Perhaps the largest misconception surrounding cybercrime which remains in 2016 is that the impact of a cybercrime touches only the company and customers personally affected by the breach. But the cost of cybercrime to the British economy impacts us all.

A recent report by Allianz Global Corporate & Specialty estimated the cost of the cyber crime in the UK at £2.8bn per year, which, in the era of deficit is a significant drag on our economy. With such a high cost to the whole economy and society, cybersecurity must no longer be considered merely good practice for all companies, but a responsibility.

The cost of cyber crime to the UK economy is counted in the billions

Businesses must make a commitment to the economy and assume responsibility to ensure that it is employing appropriate techniques to mitigate the threat of cybercrime. And with many SMEs holding tight purses strings on their cybersecurity budgets, informed and effective choices are essential to maintaining a sufficient standard of cybersecurity.

So before we can demand that all businesses assume this responsibility, the government and the security industry must work together to ensure that all businesses have the information and tools to make the best decisions for their cybersecurity programmes.

Getting the essentials right

The government’s Cyber Essentials scheme does just that. Offering the first steps of basic cyber hygiene measures that all organisations can implement and build upon, it helps provide businesses with the essential information that can significantly reduce a business's risk.

The impact that knowledge and effective cybersecurity planning can have on an organisation cannot be underestimated. Achieving the basic level of cybersecurity could prevent up to 80% of cyberattacks, to which companies would otherwise be vulnerable.

But not only does it allow companies to massively reduce their vulnerability to cyberattacks, the cyber essential accreditation can be used as a badge to show potential partners and their customers to gain a competitive advantage by demonstrating that they have achieved a government and industry-endorsed basic standard for cybersecurity.

In the wake of the Carphone Warehouse and Ashley Madison breaches, customers are increasingly concerned about the security of their personal data online. For SMEs in particular this poses a threat to their growth in the ecommerce market, with recent research indicating that 59% of consumers are put off shopping with small firms online.

Carphone Warehouse was just one of hundreds of victims of cyber crime last year

Improved and apparent cybersecurity standards therefore can be commoditised to provide benefits to the company employing them. Not only providing businesses with a competitive advantage, but also boosting its reputation. According to UK Government, 82% of consumers would buy more if the business could show they were taking measures to protect against cyber crime.

The threat is now so great that businesses cannot bury their head in the sand and hope that they’ll avoid the attention of cybercriminals. Businesses of all sizes must assume a responsible level of security to ensure that they protect not only their business and their customers, but the entire British economy.

Taking cyber seriously could also help your business in other ways

Whilst clearly the aim of standards such as Cyber Essentials is to reduce the risk or impact of cyber-attacks on a business, adopting this and other standards may also present the opportunity to improve business performance.

For example, appointing someone in charge of cyber, and ensuring they report risks and progress to the Board may provide the opportunity for a small company to improve the way they are managing risk or other issues at Board level.

Ensuring IT systems are fully up to date may allow new technology features of operating systems and other applications to be fully utilised. Through improved management and configuration control, companies may get the opportunity to better understand the value, cost and effectiveness of their IT estate.

Moving their IT to a professionally provided public cloud, for example, may present a better way to managing security as patch management and threat updates would be completed automatically. Not to mention other benefits to the business, such as potentially reducing capital costs for IT, improving collaboration between employees and allowing staff to work more flexibly.

So, no matter how big or small, working with accreditors like the government’s Cyber Essentials scheme provides organisations with a clear understanding of the threats of cybercrime, allowing them to make intelligent decisions moving forward to mitigate that risk. It may also provide an opportunity to improve the way a business operates.

Companies that haven’t yet invested in appropriate and comprehensive cybersecurity solutions must look to these schemes to help them take their first educated steps into the world of security. It could be the most important first steps they ever take.