5 things businesses need to know about cyber attacks in 2018
Cyber-crime costs the UK economy billions of pounds every year, but it’s not just large companies that are at risk.
SMEs are now firmly in the firing line as they’re often woefully unprepared. Nearly half of UK businesses suffered some sort of cyber breach in the last financial year, Government figures show.
The most common attacks were via fraudulent emails, either through staff unwittingly revealing passwords or opening dangerous attachments.
Viruses and malware were the next most frequent types of attack. This sends out a clear message to SMEs that they need to take cyber-crime extremely seriously in 2018.
1. Attacks are on the rise
The threat posed by cyber-criminals is constantly shifting, and they always seem to be one step ahead. Digital crime is on the up, particularly on smartphones and tablets, with research by cyber-security firm Avast revealing a 40% upturn in mobile cyber-attacks in 2017. Several big cyber incidents hit the headlines last year, not least the WannaCry ransomware attack. It affected organisations around the world, including the NHS, which was forced to cancel operations and appointments. In October, credit reference agency Equifax admitted that the data of 694,000 UK customers had been stolen. Smaller companies are increasingly vulnerable too. According to the latest statistics released by cyber-security firm Symantec, businesses with between one and 250 employees saw the highest rate of phishing in January.
2. The financial impact can be significant
SMEs can suffer huge financial losses from the theft of data and financial information, especially if they’re reliant on online trade. The worst breaches can put a business out of action for up to 10 days. Estimated global annual losses from cyber-crime now top $400 billion (£288 billion), research by the Centre for Strategic and International Studies shows. And according to the Government’s cyber guide for small businesses, the average cost of the worst security breach in the UK is between £65,000 and £115,000. This includes cleaning up affected systems and fines for personal data being compromised. And it could get even more costly when the EU’s General Data Protection Regulation (GDPR) comes into force in May. Firms could be fined up to 4% of turnover or 20 million euros if regulators think they haven’t protected customers’ personal data adequately.
3. Loss of reputation can hit hard
It’s not just financial costs that firms have to worry about.
A security breach can severely damage an organisation’s reputation if it’s reported in the media, leading to a loss of revenue. The effect can snowball. A company may lose out on contracts and shed customers because of a damaged reputation, and competitors will be quick to take advantage of the negativity. Ultimately, the affected business may become unsustainable and have to make staff redundant.
4. Businesses can protect themselves
Around 80% of cyber breaches can be prevented by putting security basics into practice, including: Using secure passwords: Use a mix of random words, lower and upper case letters, numbers and symbols. Installing antivirus and malware software: All company devices, including computers, tablets and smartphones, need to be protected to help prevent infection. Educating staff on cyber risks: Human behaviour is a firm’s weakest link so all employees should be made aware of security threats. Downloading software updates: Software and app updates contain vital security upgrades that keep information safe. Government-backed scheme Cyber Essentials can provide SMEs with more assistance in staying safe.
5. Cyber insurance can help safeguard SMEs
With the rise in cyber-attacks, many companies are turning to insurance to cover the potential losses incurred by data breaches and ransom demands. While insurance isn’t a substitute for strong cyber security, it is important addition to a business’s overall risk management. Insurers can use their expertise to help facilitate significant improvements in cyber security best practice across industry.