A new study has shown that a number of small businesses in the UK and US are not prepared for a potential cyber attack or breach.

The research, commissioned and published by cybersecurity company Bullguard, found that one third of companies with 50 or fewer employees use free, consumer-grade cybersecurity, and one in five companies use no endpoint security at all.

It also revealed that 43% of small business owners (SMBs) have no cybersecurity defence plan in place – “leaving their most sensitive financial, customer and business data, and ultimately their companies, at significant risk,” said Bullguard.

Paul Lipman, CEO of BullGuard, said: “Small businesses are not immune to cyber attacks and data breaches, and are often targeted specifically because they often fail to prioritise security.

“Caught between inadequate consumer solutions and overly complex enterprise software, many small business owners may be inclined to skip cybersecurity. It only takes one attack, however, to bring a business to its knees.” 

However, the research found that nearly 60% of SMB owners believe their business is unlikely to be targeted by cyber criminals, despite 18.5% of them having suffered from a cyber attack or data breach within the past year.

Once breached, 25% of SMB owners stated they had to spend $10,000 (approximately £7,738) or more to resolve the attack, and 50% of SMB owners said it took 24 hours or longer to recover from a breach or cyber attack. Almost 40% stated they lost crucial data as a result, while 25% reported they lost business.

Despite this, many SMB owners were found to be overly confident in the safety of their company and customer data, with one in five stating their organisation has zero vulnerabilities, and 50% revealing that their employees do not receive any cybersecurity training. In addition, 65% of SMB owners report managing their cybersecurity in-house, but less than 10% said they have a dedicated IT staff member.