Three-quarters of businesses are estimated to be unprepared for a cyber attack and, in many cases, are leaving the door open for cyber criminals to freely enter their systems. Furthermore, with the ever-growing number of connected devices available through the Internet of Things, the number of doors open to cyber criminals is snowballing. Even a connected fish tank has served as an attack entry point.
Most UK businesses are simply not putting enough budget or effort behind cyber security to minimise the impact of a breach. Despite the added legal pressures to protect their data imposed by GDPR, businesses are seemingly unaware of how at-risk they are, even though many have already suffered an attack.
A Federation of Small Businesses (FSB) member survey in 2016 found 66% of small businesses were cyber crime victims. The Government’s 2017 Cyber Security Breaches Survey highlighted that 45% of micro-businesses had been breached in the previous 12 months. Expert Adam Bradley, Regional Vice President of security firm Sophos, has said of cyber criminals: “With small businesses, it is not whether they are going to get in, but when.”
Significant international names have also displayed cyber security Achilles heels. An attack in 2017 led to data theft from 143m Equifax customers. The WannaCry ransomware attack in May 2017 affected up to 300,000 computers in 150 countries.
The Government’s Cyber Security Breaches Survey 2019 showed just 11% of businesses have purchased specific cyber insurance policies. 15% of businesses have considered cyber insurance, but not bought it. In 23% of cases this was due to lack of knowledge, whilst 22% of businesses considered themselves too low-risk.
Many businesses are unaware of how cyber criminals operate and of their ‘stepping stones’ strategy. This is the law of the savannah, where a cyber criminal attacks weak prey until they can feast on something bigger. The fish tank example is a good one. It had no cyber security and was networked to various systems. Once the criminals were swimming in the tank, they accessed everything else on the network. In such attacks, much larger frauds occur, with raids on bank accounts and data being lucrative and usually ramification-free for faceless cyber criminals. Police division Action Fraud says 85% of reported fraud is cyber-enabled.
Brokers are trying to ensure their clients do not become gullible guppies. Cyber criminals operate in key ways. Weak passwords are always vulnerable. Phishing emails and smishing SMS messages with malware-ridden attachments and links can infect computer systems within minutes.
Application attacks focus on weaknesses in software and systems that lack anti-virus protection or sufficient firewalls. Public wifi zones can be insecure, or may even be hotspots set up by criminals to catch out unwitting users. The means of committing cyber crime are numerous, as are the opportunities. The motive is often a cryptocurrency payment or the satisfaction of bringing an organisation to its knees, with significant reputational damage.
Social engineering – predicting human error – is something cyber criminals thrive upon. Companies must engage staff in robust cyber security programmes, ensuring they are prompted to think before clicking on a link, hover over an email address before trusting it and be dubious about requests from managers for big money transfers into their account.
Cyber insurance has a value beyond repairing the damage done to malware-infected systems, or financing website rebuilds. It can help deliver training, ensure key elements of protection exist and better manage a business’s overall cyber risk. After a broker’s assessment, key strategies can be employed to avoid a business becoming yet another cyber statistic.
If you need help with cyber strategies, get in touch. Remember, it is not if you will be attacked, but when.