If you have ever wondered whether your business needs cyber insurance, the answer is most likely yes. If you are one of the staggering 98% of UK businesses that depend on online services, store customer or supplier data, process payments or have a website, the answer is a resounding yes. You’ve only got to look at the facts to be reminded of the scale of cybercrime.
Below, we share the latest statistics surrounding cyber breaches and attacks, the impact they are having on UK businesses and look at one of the main types of attack – phishing.
For a cybercrime snapshot and advice on preventing phishing scams, click here to view our infographic.
Cybercrime – Where Are We Now?
According to a 2019 report by Carbon Black, 88% of UK companies surveyed have suffered a cyber security breach in the last 12 months. That means that almost all businesses in the UK are vulnerable to an attack.
Any business is at risk of falling victim to cybercrime, regardless of size. A recent study found that small-to-medium-sized businesses in the UK experience 65,000 attempted hacks every day, around 4,500 of which are successful. The threat is bigger for larger businesses, with 61% reporting that they have had a cyber security breach or attack in the last 12 months.
Cyber incidents are ranked as the top business risk in the UK, according to a recent survey by Allianz. In fact, with awareness of cyber threats growing year on year, cyber incidents ranked as the most important business risk globally for the first time ever. Unfortunately, it’s not a case of if you will suffer a breach, but when.
What Does It Mean for Businesses?
The financial impact of a cyber-attack can be astronomical for businesses. In a study by IBM and Ponemon, it was found that data breaches cost UK enterprises an average of $3.88 million per breach. Without cyber insurance, which would protect you against business interruption, financial and reputational loss, your business would have to absorb the costs associated with a cyber-attack, including 24-hour incident response, legal advice, PR guidance, notification costs, compensation from affected individuals and more.
It doesn’t end there either. Losses can continue even after an attack has been dealt with. Recent research found that 44% of UK consumers will stop spending with a business temporarily after a security breach and 41% claim they will never return to a business post-breach.
Positively, it seems that businesses are now willing to spend more to help avoid cyber-attacks. 66% of UK organisations said their security budgets had risen in the last year, a recent survey found. Despite the investment in technology, there is still a need for education and awareness about cyber security, with 90% of corporate data breaches being caused by human error.
The Most Common Cause and 4 Tips to Help You Prevent It
Many of today’s cyber threats target humans and around half of attacks in the UK involve phishing, which is roughly 20% higher than the global average. Phishing allows fraudsters to gain access to a company’s system, either by tricking employees into clicking on a link or attachment in an email to infect their machine with malware or by taking them to a webpage that looks legit but is designed to steal private information. Below, we’re sharing our top tips to help you protect your business against phishing scams.
1. Think Before You Click
Fraudulent emails are getting increasingly convincing. It’s important to be vigilant with any emails you receive as some can appear as if they’re coming from a friend or the bank. Some hackers even take over real email accounts, making the message look as though it was sent from a legitimate source. Remember that legitimate businesses will not send you an email to ask for any sensitive information, such as log in or bank details.
Consider the language used and be wary if an email doesn’t address you directly, tells you that your account has been compromised or asks you to verify your account. If the contents of an email feels off, especially if it has a request in it, reach out to the sender separately and ask them if they contacted you. Instead of clicking on links, type the web address of the institution into the browser to access the website instead. The bottom line is, be suspicious even when an email looks legit.
2. Safeguard Your Systems
Ensure your computer is protected by installing security software and antivirus solutions. Check the status on all equipment regularly and keep all systems up-to-date with the latest security patches and updates. Don’t neglect your mobile device by setting updates to install automatically.
Protect your accounts by using multi-factor authentication to log in and use a password manager to ensure your passwords are consistently strong and unique. Encrypt all sensitive company information and back up your data, again not forgetting the data stored on your phone. A SPAM filter will detect viruses, blank senders and so on to prevent suspicious emails from reaching your employees’ inboxes. In the same way, a web filter blocks malicious websites.
3. Educate Your Employees
Educating your employees about phishing is key to protecting your business. Simply opening a phishing email can result in a cyber incident and so it’s important that your employees realise the implications of their own actions when handling business data and IT systems. Consider developing a security policy for employees, emphasising the importance of cyber security and what they need to do and look out for to avoid an attack, such as effective password management and detecting phishing scams.
4. Protect Your Business in the Event of Attack
Despite your best efforts to prevent a cyber breach, it doesn’t guarantee your business’ safety. Recent statistics indicate that it’s only a matter of time before a business is attacked. Even though the extent of cybercrime is astonishing, only 11% of UK businesses have purchased cyber insurance, leaving a concerning 89% without cover. Cyber insurance will protect your business if you suffer a breach or attack and cover you for any losses you experience.
With so many businesses depending on online services, the cyber threat cannot be ignored. Our cybercrime insurance specialist, Emma Francis is on hand to discuss the unique risks faced by your business and help you find appropriate insurance. Contact Emma today on 01792 704317 or email firstname.lastname@example.org.