READY STEADY GO

CYBERATTACK Q&A

Test your knowledge of cyberattacks in the world today by answering six easy questions. Scroll down for the answers and see if you knocked the ball out of the park.

  1. How often is there a new cyberattack on the web?
  2. Who or what is responsible for 95% of data breaches?
  3. By how much did ransomware increase last year?
  4. What is responsible for 91% of all cyberattacks?
  5. How many daily attempts are there to hack UK SMEs?
  6. How much did cyberattacks cost the planet last year?

MONEY TO BE MADE

These stats are indicative of just how lucrative cybercrime can be. They also show us that we are all vulnerable to attack – no matter how well we protect our networks and data. In short, everybody connected to the internet is a target for hackers. Sorry, we don’t make the rules, we only play by them. But should you be ill-fated, it needn’t spell complete disaster. Implementing these 3 Ps – protect, prepare and persevere – will ease the pain when weathering the storm of a cyberattack.

THE COST TO SMEs

Before we examine exactly how the 3 Ps will make life a bit easier for you before and after a cyberattack, let’s take a closer look at how cyberattacks currently impact businesses, particularly SMEs.

  • Cyber hygiene educator, Dataprot, reports that last year businesses around the globe faced a ransomware attack every 11 seconds.
  • Forbes tells us that in 2022, 43% of all cyberattacks targeted small businesses. Only 14% had appropriate defences in place. And the really bad news? 83% weren’t financially resourced to implement business continuity and recover from the attacks.
  • Of the 65,000 attempted hacks on SMEs every day in the UK, 4,500 are successful.
  • According to LSE-listed insurer, Hiscox, the average cost of a data breach in the UK is £3.2 million.

With these numbers in mind, protecting your data should be prioritised above everything else.

PROTECT DATA

There are many practical ways to protect your IT systems and data and keep them safe and secure. The Information Commissioner’s Office (ICO) recommends some of these:

  • Regularly create several backups of your data and keep one copy off-site. If you are using an external device as your backup, remember to encrypt it.
  • Use strong passwords and MFA.
  • Install anti-virus and malware protection and always keep it up-to-date.
  • Use secure Wi-Fi.
  • Use a firewall to block dangerous programs, viruses or spyware before they infiltrate your network.

Top of most lists relating to protection is data encryption – and not only your backups. John Naughton, a Professor of Technology at the Open University, told The Guardian:

“Encryption used to be the sole province of geeks and mathematicians, but a lot has changed in recent years. In particular, various publicly available tools have taken the rocket science out of encrypting (and decrypting) email and files.”

Protecting your precious business assets should go beyond the advice of the ICO and John Naughton. You can also use a VPN, consciously check and configure app privacy settings, implement access control and zero trust, securely dispose of old IT equipment and records, and much more.

PREPARE YOUR STAFF

American systems and software engineer, Tom Gilb, once said:

“At the source of every error which is blamed on the computer, you will find at least two human errors, one of which is the error of blaming it on the computer.”

There is a funny side to Gilb’s statement, but his words hold water in the realm of cyber threats. Remember that humans are responsible for 95% of data breaches. This means only 5% come from potentially unavoidable sources. Human behaviour is also what makes social engineering and phishing attacks so successful, with email phishing being responsible for 91% of all cyberattacks. So how do we overcome our temptation to click on links and open attachments? Security analyst, John Orr, says:

“Educating your workforce to recognize phishing attempts. Ensure that you implement ongoing training, have mechanisms for reporting phishing, and test and measure performance.”

And note that Orr tells us to implement ‘ongoing’ training – reinforcement is key. A single cybersecurity training session will soon be forgotten. However, if you create a culture of cyber hygiene in your company with regular training, feedback and evaluation, you’ll be prepared for almost any cyberattack that comes your way. Also, ‘Live Fire’ training exercises are a must, usually taking the form of simulated phishing attacks. The results will let you shape cyber security awareness training to address problem areas in your SME.

PERSEVERE YOUR INTEGRITY

Even with the best protection and preparation, things can still go south. Should you fall victim to a breach, you should recognise that getting hacked is not – necessarily – a sign of failure. It’s how you handle the cyberattack and recover from it that counts. Following these steps will mean that you come out a winner:

  • Identify the type of attack
  • Contain the breach
  • Assess and repair the damage
  • Report the attack
  • Communicate the breach to your customers
  • Learn from the experience

Moving forward after a cyberattack, ponder these words from American cryptographer and computer security professional, Bruce Schneier:

“Give yourself more security than you need today. When the unexpected happens, you’ll be glad you did.”

PROTECT IT WITH ME

I have been in the field of professional business IT support for over 20 years helping SMEs in London. I specialise in cybersecurity and risk mitigation. To me, data backup and encryption are essential if you want to protect your IT systems and maintain an excellent business reputation. Contact me today and let’s make sure you are never a victim of a cyberattack.

ANSWERS

  1. every 39 seconds
  2. humans
  3. 62%
  4. email
  5. 65,000
  6. £5 trillion
