Cost of Data Breaches for SMEs – Why Enhance Cyber Security

Published on 31 May 2022

For many years, data breaches were something that only large and enterprise-sized businesses had to worry about. In more recent years, cybercriminals have turned their attention to small to medium-sized businesses (SMBs). Data breaches can be detrimental to any business, causing financial and reputational losses that could result in the closure of a business.

What is a Data Breach?

A data breach is when sensitive or confidential information is exposed to an unauthorised person. This information can then be shared without your permission.

What are the Different Types of Data Breaches?

Data breaches occur when a business has vulnerabilities in its technology or its staff, or lacks cyber security. The cause can be an outside source or an internal one.

The most common data breaches for businesses are:


Ransomware

o   This is one of the fastest-growing threats to organisations. There was a 105% increase in ransomware attacks in 2021 globally. Ransomware works by infecting your network with malware that encrypts your data, so you won’t be able to access it. A cybercriminal will then demand payment for you to get your data back.

Lost or Stolen devices

o   If a work device is lost or stolen and it does not have proper cyber security protocols installed, it will be easy for your company’s data to be accessed and shared without your permission.

Malicious Insider

o   This is when an employee intentionally shares private and sensitive business data with outside sources or internally with other colleagues.

Human Error

o   This is when an employee accidentally shares confidential data with someone who is not authorised to see it. This could be by accidentally sharing a file with the wrong contact or leaving files lying around to get lost.


Phishing

o   Phishing relies on human error to work, and it is one of the most popular ways cybercriminals gain access to data. They will disguise an email or text message as coming from a legitimate company, encouraging you to click a link or download a file. According to the UK Government’s Cyber Security Breaches Survey, phishing attacks accounted for 83% of all cyber-attacks, which has risen by 9% in 2022.

What are the consequences of a Data Breach?

A study by IBM found that the cost of data breaches had risen by 26.8% from 2020 to 2021. There are many costs associated with a data breach, many of which are financial. Some are obvious, but others may surprise you.

Notifying Those Affected

o   There will be considerable costs associated with informing customers, clients and third parties of a data breach that will affect them. This could take your staff away from their regular duties for quite some time. In addition, you will need to notify the relevant regulatory bodies of the breach, for example, the Information Commissioner’s Office (ICO).

Loss of Business

o   A data breach could be detrimental to your business’s reputation. It could deter prospects and business distributors, as well as lose you loyal, hard-earned customers. When a data breach occurs, it could take days for your business to get back up and running. For an SMB it takes longer to recover because you lack the resources that a large enterprise can spend on getting back up and running. In fact, 50% of SMBs said it took more than 24 hours to recover from an attack.

After Effects of a Data Breach

o   There may be legal expenditures you will have to cover when helping victims of the data breach, not to mention heavy fines from governing bodies if your business is found to lack the proper cyber security requirements.

Detection and Investigation

o   You may want to investigate how the breach occurred and where it started to prevent it from happening again. You may be required to carry out assessments and audits to uncover what happened.

39% of the cost of a data breach goes towards loss of business. It can be hard for an SMB to recover from all the unexpected stress and cost of a data breach.

Cyber Security

Why SMBs Should be Vigilant

It is easy to assume that cybercriminals are only targeting large enterprises turning over millions, and that they have no interest in an SMB’s data. Unfortunately, this is not the case. Large businesses invest heavily in their cyber security, and for many, it is one of their highest priorities. Their systems and networks will be difficult to break into, whereas a smaller business will be easy to infiltrate. Even if the money is less, the effort and skill involved will be significantly reduced. Think of it like this: is a car thief likely to spend the time trying to break into an expensive car with a state-of-the-art alarm system, or are they going to take the unlocked car parked next to it?

SMBs do not help themselves in this situation. A study conducted by BullGuard in 2019 revealed that 57% of SMBs didn’t think they were a target, whilst 20% reported having been a victim of an attack. On top of this, 23% have no endpoint security and 32% rely on free solutions for their cyber security. All of this creates a perfect opportunity for someone with malicious intent to exploit.

How to protect your business from a Data Breach

Once a data breach has occurred there is not much that you can do to revert or fix it. Having proper cyber security policies in place can vastly reduce the risk of a data breach. Cyber security covers a wide range of activities that can be implemented to keep your business safe. Here are 4 ways you can improve your cyber security:

Upgrading Devices and Software

o   Ensure all devices are up to date with the latest software updates. These updates are partly made because the developers have found a cyber security weakness that they have fixed before it can be exploited. By failing to update your software you are leaving your devices vulnerable to cyber security breaches.

o   Check that all the devices you are using for work are still supported by the manufacturer. Out-of-date devices will not receive any updates for new cyber security threats.


Encryption

o   Make sure all data is encrypted. Encryption means that the data can only be read by people who have the key. Even if your company’s data is stolen, a cybercriminal won’t be able to access the information.


Access Controls

o   Implement managed access controls for all your staff. This will limit what they can have access to. It is a good idea to only allow them access to the data they need for their role. Only assign very sensitive and important data to high-level employees.


Staff Training

o   Human error is one of the most common ways data is leaked. Regular cyber security training will help keep your employees alert and reduce human error.


Cyber Essentials

There are many ways to improve your cyber security, but an excellent way to make sure you are choosing the right policies for your business is to get Cyber Essentials Accredited. Cyber Essentials is a government-backed, industry-supported scheme. It has been developed by the National Cyber Security Centre. It is there to provide guidance on how to keep your business protected against the most common cyber-attacks.

Cyber security failures and data breaches can be ruinous to a business at any scale. This is especially true for SMBs, as the sudden and ongoing expenditure can be difficult to recover from. On top of that, the damage to a business’s reputation could undo all the hard work you’ve put into building your brand. Investing in cyber security will keep your business safe and secure. It can be overwhelming to know where to start, which is why Cyber Essentials is an excellent jumping-off point. It lays out all the cyber security protocols you will need to activate to keep your business’s data secure.

If you are interested in learning more about how Bluebell IT Solutions can help you get Cyber Essentials Accredited, or want to learn more about your cyber security environment, book a meeting with us below.
