Almost 50% of businesses in the UK underwent some form of online violation in the last year, with government research confirming financial damages through cyber-crime to the British economy is annually in the billions of pounds.
But it’s not only big business that is at risk, SMEs are the ones who pick up the real losses, not only in financial cost but also through reputation, something smaller business can ill-afford but can prevent, through preparedness.
The most frequent online assaults were through emails, with unwitting employees disclosing passwords or opening harmful attachments with malware and virus apps the second most common.
These trends are on the rise, reason enough for SMEs to take cyber-crime more seriously in the years to come.
The Rise and Rise of Cyber-crime
The danger presented by online criminality is changing constantly, and the criminals appear to be one step ahead.
Cyber-crime is on the up, particularly on mobile devices (tablets and smartphones), with studies carried out by digital security firm Avast, uncovering a 40% rise in mobile attacks alone last year.
A number of critical incidents last year highlighted this issue, not least of which, was the ransomware attacks; Petya, WannaCry and NotPetya. WannaCry alone had an enormous effect on organisations globally, including the NHS, the result of which was cancelled appointments and operations affecting millions. A later report from the National Audit Office said that “WannaCry, was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice…
“There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”
In 2017 Equifax, the credit reference agency acknowledged that the full personal information of 694,000 customers in the UK alone had been stolen (more than 14 million further names and dates of birth were stolen) forcing the company to admit that those people may be at risk of, “possible criminal activity”. The massive cyber-theft on the company’s worldwide customer records also affected the personal data of 146 million US citizens.
SMEs are becoming increasingly at risk too.
Figures from Symantec recently reported, ‘businesses with between 1 and 250 employees saw the highest rate of phishing in January.
Significant Financial Impact
SMEs whose primary operations are focussed on digital trade can experience enormous commercial losses from data theft. A study in the US carried out by the National Cyber Security Alliance found:
- Almost 50% of small businesses have experienced a cyber-attack.
- More than 70% of attacks target small businesses.
- As many as 60 % of hacked small and medium-sized businesses go out of business after six months.
Projected annual losses globally, top £288 billion from cyber-crime alone, according to the Centre for Strategic and International Studies, with the typical total of the UK’s worst security breaches between £65,000 and £115,000.
Made up of organisation-wide capital expenditure on new systems (both hardware and software) as well as fines for compromised personal information loss, which will increase when the General Data Protection Regulation (GDPR) becomes enforceable in May. Companies face fines up to 4% of turnover or 20 million euros depending on the severity of the breach.
Losing Your Reputation
Of course, it’s not just the financial implications that organisations have to concern themselves with, security breaches can damage a company’s reputation just as much, especially if a loss of data is reported in the media.
The effects of this can escalate quickly. Financial losses can be immediate but an SME can ill afford to lose contracts or slough customers through a reputation damaged by avoidable cyber-crime and make no mistake, your competitors will take advantage quickly of any weakness, real or perceived.
According to a recent government press release, ‘around 80% of cyber breaches can be prevented by putting security basics into practice’, comprising:
Using secure passwords: Use a mix of random words, lower and upper case letters, numbers and symbols.
Installing antivirus and malware software: All company devices, including computers, tablets and smartphones, need to be protected to help prevent infection.
Educating staff on cyber risks: Human behaviour is a firm’s weakest link so all employees should be made aware of security threats.
Downloading software updates: Software and app updates contain vital security upgrades that keep information safe.
With the rise and rise of cyber-crime, many SMEs are getting insured to cover any prospective losses suffered by information breaches or ransomware attacks.
Of course, insurance isn’t a panacea for cyber-security, but it can be a crucial addition to the arsenal of a business’s inclusive risk management strategy.
Cyber cover products are specifically designed to cover cyber risks to businesses that use technology in storage or use of data.
For more information on how to keep your business safe, click here to read more