The Federation of Master Builders

SMEs: A target for Cyber Criminals

Published date: 06 April 2018

Following on from our previous blog post on how to protect your construction business from cyber-attacks, we want to demonstrate why small and medium-sized businesses (SME’s) are preferred by cybercriminals.  Although you may think you’re safe, cybercrime is on the rise and it’s definitely better to be safe than sorry in this case. The National Crime Agency suggests problems are only growing, with 66% of SME’s reported a cybersecurity breach last year. So if you’re wondering why hackers are targeting small businesses, here just some of the reasons we’ve found:

 You will have some kind of valuable information

Even if you think you have nothing worth protecting, there will be some kind of data that is of interest to the hacker. SME’s like yourself may hold valuable information, such as customer bank information, confidential employee data or even financial data. As mentioned in our previous article on cyber insurance, SME’s can often be a gateway for even bigger businesses that may provide a ‘door’ for threats.

Lack the resources to recover

It’s unlikely your business will have information on how to respond to an incident, and the delay will have a significant effect on the business. Plus, the lack of resources and expertise will affect your ability to respond to a cyberattack, which could lead to serious financial losses. The cost of business interruption, insurance increase, privacy fines and legal expenses will ultimately cost a lot of time and money

Lack of awareness

As cybercrime is still a fairly new thing, the lack of education and awareness is still prominently low. Which is great for cybercriminals but not so great for business owners like yourself. Through not being aware of the seriousness of cyber threats and with the lack of knowledge surrounding cybersecurity, you become an easy target. An estimated 65% of SME’s have no data security policy and 58% don’t consider cyber-attacks a big risk to their organisation. Plus, 44% do not consider security a priority.

If security is used, it will likely be a poor amount

If businesses do decide to invest in some form of security it will difficult to keep up with the advanced and developing threats. If security is regularly updated, basic protection services, such as anti-virus software is unlikely to protect from evolving and meticulous techniques hackers will use.

Under-reporting is a growing problem

Many SME’s may be unaware of the breaches and therefore may not want to report any possible problems to others in fear of criticism or embarrassment. It also allows not only cybercriminals to get away with it, but not reporting it means the government and other law enforcement will be unaware of growing developments and techniques used, making it harder and slower to help fight the problem.


With many SME’s dependant on IT and computers in their business, the risk and effect of a cybercrime can be catastrophic. The National Crime Agency suggest cyberattacks have cost the government millions. Businesses like yours, should take extra precautions against these threats to ensure the safety of yourselves, existing and potential clients.

Take a look at the full report here 


Keep in touch with FMB Insurance

For regular updates from FMB Insurance, sign-up here with your email address.