The number of malicious attacks on smaller firms has dropped in the last year as the cyber criminals shift their focus back to larger enterprises but the foot has to remain on the pedal if users are to remain protected.
The latest 2014 Information Security Breaches Survey, carried out by PwC in conjunction with the Department for Business Innovation & Skills has revealed that SMEs have seen the number of external attacks drop in the last year.
A third of small firms were the victim of a attack from an unauthorized outsider last year, down from 43% in the pervious year, and 12% of firms detected that they had been breached, compared to 15% in the previous 12 months.
But not all the arrows were pointing downwards with those small firms suffering from infection coming from viruses or malicious software increasing from 41% to 45% in the latest set of numbers.
The level of large firms that have suffered a breach in the last year remained fairly static at 81% and SME levels were down to 60% from 64% but 59% of businesses of all sizes expected more attacks to come in the next 12 months.
The other problem for the victims of attacks was that although the volume might have dropped the value has risen for the third year in a row with small firms being hit for between £65,000 and £115,000 on average.
David Willetts, universities and science minister, said that the results showed that companies of all sizes were still under cuber attack: "increasingly those that can manage cyber security risks have a clear competitive advantage".
Andrew Miller, cyber security director at PwC, said that although the number of breaches had fallen slightly over the last year the need for vigilance was as high as ever and more needed to be done by firms looking to reduce risks.
“Breaches are becoming more sophisticated and their impact more damaging. Given the dynamic nature of the risk, boards need to be reviewing threats and vulnerabilities on a regular basis. As the average cost of an organisation’s worst breach has increased this year, businesses must make sure that the way they are spending their money in the control of cyber threats is effective," he said.