’It’s important that employees are trained to identify potential points of vulnerability,’ says product manager 

Just over a quarter (26%) of small business professionals see cyber security as a “top priority” according to Direct Line business insurance’s latest research, published yesterday (13 July 2022).

This figure came despite the fact that nearly half (49%) of all small businesses surveyed said they had experienced a cyber attack. 

Meanwhile, 17% of small businesses said they did not view cyber security as priority at all. In addition, 16% of small business professionals rated their knowledge of cybersecurity risks as “excellent”, while 15% said their knowledge “isn’t good”.

The survey was conducted between 17-20 May 2022 and surveyed 2,000 UK adults, 175 of whom had decision-making responsibilities within their small business.

Alison Traboulsi, product manager at Direct Line business insurance, said: “Our latest research shows that small businesses continue to face a diverse range of cyber threats. Cyber criminals are clever and phishing and malware continue to be a key cause of cyber security breaches.

“Criminals will look to catch unsuspecting employees off-guard and lure them in to doing something they shouldn’t, like opening an attachment in a fake email, sharing sensitive information or inadvertently allowing them to bypass cybersecurity. If this happens and criminals get their hands on sensitive customer data, systems or access to bank accounts, the impact on businesses can be devastating.”

Reasons for cyber-attacks on small businesses, Direct Line business insurance, 2022:

Reasons for cyber-attack on small businessPercentage of small business professionals who said that this was the cause of the cyber-attack

The security breach occurred via a third party

20 per cent

Employee plugging in an external device containing malicious software

15 per cent

Employee clicking on an email or website containing malicious software

14 per cent

Employee accidentally divulging confidential information

13 per cent

We didn’t have any cyber security protection

13 per cent

Weak password protection

10 per cent

We hadn’t updated our systems with the latest patches for apps, software, and operating systems

8 per cent

Source: Direct Line Business Insurance


Traboulsi added: “It’s important that employees are trained to identify potential points of vulnerability to help prevent cyber-attacks and that businesses consider taking out cyber insurance to help them deal with the consequences of a breach.”

Human error accounts for almost half (42%) of all cyber-attacks. In addition, 8% businesses cited out of date patch software as the reason for a cyber attack.