Cyber-attack impact severely underestimated by SMEs

Posted on 10 Feb 2016 by Jonny Williamson

Small manufacturing businesses are undervaluing the impact a cyber-attack could have on their reputation and must take steps to protect it, according to a new report by the Government’s Cyber Streetwise campaign and KPMG.

Despite the majority (96%) of small manufacturing businesses surveyed thinking about their company’s reputation frequently or all the time, they aren’t considering how a breach could affect it.

In fact, just 30% of those surveyed that haven’t experienced a breach say the potential damage a cyber breach could cause is an “important” consideration.


Industrial small businesses feel most prepared for a cyber issue – 40% surveyed say they are completely prepared, sitting higher than the national average of 33%.  However, they also feel the most vulnerable – 59% surveyed think it’s likely or very likely that they’ll be a target for a cyber-attack.

However 83% of consumers surveyed are now concerned about which businesses have access to their data and whether it’s safe, and more than half (58%) say that a cyber breach would discourage them from using a business in the future.

Supply chain concerns

86% of procurement departments would consider removing a supplier from their roster due to a breach, highlighting that an attack can have serious short and long term implications.

94% of procurement managers say that cyber security standards are important when awarding a project to an SME supplier.

This is reflected by the fact that the vast majority (97%) of small manufacturing businesses surveyed who have experienced a breach felt the attack impacted their reputation in some way, with 33% of those having been breached reporting brand damage, 24% reporting a loss of clients, and 19% receiving negative reviews on social media.

And the impact has been long lasting. 30% of those surveyed have been unable to grow in line with previous expectations, and a third said it took more than six months for the business to get back on track.

Big Data IoT
The lack of concern around potential reputation damage may be explained by the fact that many SMEs don’t realise the value of their data.

Quality of service is also at risk; those who experienced a cyber breach found it impacted the business’ ability to operate (97%) and caused customer delays (27%).


The lack of concern around potential reputation damage may be explained by the fact that many small manufacturing businesses don’t realise the value of their data.

The majority (97%) hold data in their IT systems, yet up to 27% of those surveyed don’t consider this data to be commercially sensitive.

And despite the fact that customer, financial and IP data can be shared with competitors if a company is attacked, just a third (34%) of small manufacturing businesses said they would be immediately concerned about competitors gaining advantage if they were breached.

The report also reveals that more than a third of small manufacturing businesses (37%) don’t think they will be a target for an attack, despite the majority of consumers worrying about the security of their data, especially in the hands of small businesses.

Partner in KPMG’s cyber security practice, George Quigley commented: “Small businesses know that their reputation is critical to their success but it seems that many haven’t considered quite how many factors can affect it.

“Every piece of data in a business can be of interest to a cyber-criminal – even if the business itself may not realise it – and with SMEs a key target for this very reason, it’s vital to take steps to protect your data, and with it the trust of your customers and ultimately your reputation.”

The Government’s Cyber Streetwise campaign and KPMG released the Small Business Reputation and the Cyber Risk  report this week.

Cyber Streetwise is encouraging small businesses and consumers across the UK to do three simple things to improve their online security and protect themselves from cybercrime:

  • Make your passwords stronger with three random words
  • Install security software on all devices
  • Always download the latest software updates

The Government also offers a free cyber security guide and a free online training course for small businesses.  Visit to learn more.