By Sarah Adams, cyber risk specialist at PolicyBee  professional insurance brokers '

The figures for cybercrime frequency and its cost to business are a bit all over the place. There are lots of surveys and reports and, consequently, lots of discrepancy in the numbers.

One of the most recent, from the government's Department of Culture, Media and Sport, suggests nearly half of UK businesses suffered a cyber breach in the 12 months leading to February 2016. The average cost of these breaches to medium-sized firms was £3,070 and £1,380 to small businesses. Doesn't sound like much does it?

But that's an average, don't forget. Who's to say the worst-case scenarios, involving data theft and encryption, as well as lost business days and fines from the Information Commissioner's Office, didn't cost thousands more?

And who's to say the figures are right in the first place?

Niggling numbers

As a case in point, the government's Information Security Breach Survey 2015 for the Department of Business, Innovation and Skills (surely a more natural fit for cyber issues?) put the cost of a severe breach for SMEs at £310K, averaging out at £75-310K across the board. That's a world away from the Department of Culture, Media & Sport's figures.

And compare that to recent research undertaken by insurance specialists Hiscox, which places a price tag of just under £26,000 on your average SME cyber-attack. Or figures from 2016's report by IBM and the Ponemom Institute, claiming your standard business cyber breach will cost a huge $4 million (£3,092,336) ­- although that particular survey involved businesses of all sizes across 12 countries.

The point to take from all this is that although the figures are erratic, cyber-attacks are a problem for everyone. And both governments and big businesses are sufficiently concerned about the implications - particularly the financial ones - to be ploughing resources into major research, as well as putting contingency plans in place.

Our survey says...

But what about small businesses? What are they doing?

We decided that instead of pursuing cost-per-breach data, which seems impossible to pin down precisely, we'd research how seriously UK SMEs take cybercrime - and how prepared they are for a potential attack.

We asked award-winning strategic insight agency Opinium to survey 500 SMEs from across the country. This is what we found

As we suspected, it seems a lot of SMEs are, in fact, anxious about cybercrime - to the extent that nearly a fifth of business owners confess to losing sleep over it, while a third believe an attack is more a matter of ‘when' than ‘if'. Sole traders, however, remain largely in denial, with nearly three-quarters believing an attack to be ‘unlikely'.

But even among the businesses sufficiently clued-up about cybercrime, it's clear many aren't doing anything about it.

Only 14% of our sample confirmed they have a thoroughly tried-and-tested plan in place to deal with a cyber-attack and its aftermath. Worse, 43% said they'll wait until something actually happens before taking action.

A pretty risky strategy, no?

Further factors

Other factors affecting small business' degree of cyber readiness include geographical location and the business owner's age.

Our survey showed the younger the owner, the more likely they are to be cyber aware.

Also, while business in the largely rural regions of East Anglia and the South-West are the most blasé about cybercrime, those in the North-East and London are the most switched on.

Unsurprisingly, businesses operating within the IT and management consultancy sectors are the most alert to the possibility of a cyber-attack.

So it's clear many SMEs have yet to wake up to the financial and reputation-wrecking implications of cybercrime. It's particularly concerning that almost three-quarters of businesses surveyed admit they haven't put anything aside to cope with the consequences of cybercrime.

Next steps

Regardless of the stats, it's pretty clear cybercrime isn't going away any time soon. Or maybe ever.

A head in the sand approach might be cheap and easy short-term, but your business is your livelihood and not protecting it is, let's be honest, asking for trouble.

Thankfully, that protection doesn't have to be expensive or difficult.

Cyber liability insurance is as good an answer as any. It covers the costs of an attack on your data, network, website and email, paying for forensic investigation, repairs, equipment replacement, legal costs and claims for damages. More importantly, it also gets you valuable peace of mind.

Find out more about, and get a quote for cyber insurance, and get more help and advice about cybercrime from our blog.