There has been a jump in UK firms reporting cyber-attacks according to research from Hiscox.
The research has found that 55% of businesses faced an attack in 2019, up from 40% last year and many businesses “incorrectly felt that they weren’t at risk”.
Over 5,400 firms across seven countries, including the United States, Spain, France and Germany, were surveyed. UK firms were noted as having the “lowest cyber security budgets”.
Similarly, British firms were identified as joint-least likely (along with the US) to have someone on their staff in a defined cyber security role.
This suggests that UK firms are leaving themselves vulnerable to cyber-crime, by not investing sufficiently in cyber security and training.
It is easy to see why smaller firms in particular could fall into this trap as they may assume that they are too insignificant to be targeted, and they will pass ‘under the radar’ of cyber criminals. However, this is not necessarily the case and all firms, regardless of size, should be aware of the risks posed by cyber criminals.
Attacks may be indiscriminate or targeted, and can take various forms. These may include ‘phishing’ or ‘spear-phishing’ scams where individuals are tricked into divulging sensitive information. A typical example would be an email requesting that the individual confirms log-in details, banking details or other personal information; such emails can often look very convincing, mimicking the style and branding of genuine organisations.
‘Social engineering’ is another form of cyber-crime whereby individuals are manipulated into giving away passwords or other important, sensitive information. Such attacks can take place online or offline and may involve ‘baiting’ employees with tempting USBs or CDs that, when inserted into a computer, infects the machine and network with malware.
It is often the case that cyber-attacks occur as a result of human error – either intentionally or accidentally. Therefore, it is vital that staff are sufficiently trained and aware of the signs they should look out for.
A cyber-attack, like those described above, can have a devastating effect on a business. They could lose access to a wealth of information crucial to their day-to-day operations, such as customer’s details, financial records, payment details and important correspondence. The result of such disruption may be reputational damage, financial losses and may have serious legal implications – all of which may be difficult to recover from.
Cyber-crime is fast-moving, with criminals continually adapting and developing new tactics. On the basis of this research, UK firms may not be as well-prepared as they should be. Don’t fall into the trap of complacency and assume that it won’t happen to your firm.