The average annual cost of a cyber attack to UK businesses in 2018/19, was £4,1801. With threat levels increasing and business systems becoming more and more digitised and connected, the risks to businesses are also growing. Cybercrime isn’t just about stealing information and it isn’t just targeting large organisations or those that are digitally focused. It’s about causing disruption, achieving financial gain, with even the smallest businesses and those not particularly invested in technology at risk.
The immediate cost of cybercrime
Let’s consider some examples:
- If you’re a small café and your payment system is breached so you’re unable to accept card payments, you obviously risk losing revenue (particularly as non-cash payments increase). At the same time, however, you’ve already paid your suppliers and you’re still paying your staff, so that will also affect your cash flow.
- If you’re a tradesperson and your business email is compromised and you make a payment to a supplier that is diverted to a cybercriminal’s account instead, you have lost funds, and your supplier hasn’t been paid on time. That could threaten future supplies, damage supplier relationships, hurt your cash flow and potentially stop you from undertaking or completing a job.
- If you’re a manufacturer who’s invested in technology to optimise your production and you fall victim to a ransomware attack, your whole production line could be brought to a standstill. That will affect your cash flow, certainly, but it could also affect your business’ reputation and your credit worthiness.
The implications are clear and serious. Direct costs of falling victim to cybercrime may include the very immediate impact of loss of access to systems or services, which prevent you or your staff from doing their jobs, loss or damage to equipment or data, as well as the loss of revenue from customers being unable to access your products or services.
The price of recovery
However, businesses also need to account for the cost of recovery. Costs to investigate an attack or repair or replace hardware or software affected can quickly increase, especially as businesses need to act rapidly to restart normal operations. There may also be unexpected costs, such as the need to bring in additional staff to operate things manually, or to communicate with customers.
In the longer-term, the costs of a cyber-attack can escalate still further. Delays to work being carried out as you regroup can lead to delays in payments, customers may be due compensation, reputational damage may be incurred, or intellectual property lost. Any breach that leads to theft of or compromises customer data could also lead to financial penalties under GDPR, and individual industries may face regulatory fines or reprisals.
The impact of a cyber-attack on smaller businesses – whether it succeeds in its aim or not – can be devastating. If your cash flow is tight and you have few cash reserves and no immediate access to liquidity, keeping the business operating until normality resumes can be challenging, even without factoring in possible additional costs. That’s why it’s important to protect your business, plan what you’d do if the worst happened, and prepare your response.
Top tips for reducing the financial impact of cybercrime on your business
- Protect your business
- Install and keep security protection and software updated
- Ensure passwords are robust and changed regularly
- Be aware of what a cyber-attack might look like and train staff to spot any issues
- Plan your actions
- Create a risk assessment that identifies any key processes and operations and potential risks
- Back-up any important data
- Consider whether insurance might be worthwhile
- Create an action plan and communicate it across your business.
- Prepare to respond
- Test your plan to make sure it works and identify any gaps
- Keep an eye on your cash flow and reserves to ensure you have a buffer wherever possible or access to funding in the short-term
- Consider alternative payment methods or suppliers to keep business operational
- Report any attack or potential attack to Action Fraud.
For more information on how to protect your business from a cyber-attack, visit our cyber crime hub.
Related Articles

Tomorrow Ready
Access tools, resources and insights to help get your business fit for the future.