As the world becomes more heavily dependent on technology, cyber-crime statistics continue to rise and businesses of all sizes continue to be affected. Be prepared, protect yourself with cyber-crime insurance.
What are the statistics of cyber-crime in the UK?
In order to appreciate the impact of cyber-attacks on businesses, we need to look at statistics of cyber-crimes against small, UK businesses. According to a study conducted by Hiscox in 2019, statistics show that cyber-crime is on the rise, with 55% of UK business reporting an attempted cyber-attack in 2019. This is a rise of 15% on the previous year. While the number of reported cyber-crime on small businesses is continuing to rise to, with 14% more reports on the previous year.
More alarmingly, cybersecurity breaches are also becoming more frequent, according to a survey completed by GOV.uk in March 2020. According to this study, 46% of all UK charities and businesses reported experiencing a cyber-attack over the last 12 months, which is an increase of 22% from 2017.
These cyber-attacks can be quite costly, which impacts greatly on small businesses. The average cost for cybersecurity breaches for small businesses in 2019 was £11,000, including ransom payments, hardware replacements and other factors, like an interruption to business. To keep up-to-date on the recent statistics, check the Hiscox Cyber Readiness Report, which is updated each year with the most recent statistics.
What types of cyber-crime are there?
There are lots of different types of cyber-crime, these include:
- Phishing attacks. Where a hacker will try to obtain personal information from someone. They do this through means such as sending a link through email, instant messages or SMS texts.
- Malware. This is malicious software that is designed to damage a targeted computer or server. Worms, viruses and ransomware are all launched as part of a phishing attack.
- SQL Injection. When a cyber-criminal embeds a harmful code in a webpage or application that enables it to access data. For more information on how to prevent this kind of cyber-attack see Hiscox’s SQL injection FAQs.
- Man-in-the-middle attacks. This is when cyber-criminals intercept conversations, data transfers, and transactions between the victim and online service they are using.
- Denial-of-service attacks. A cyber-attack performed by a hacker, in which they halt an online service operation by inundating it with traffic/requests, therefore rendering it unusable.
Examples of cyber-attacks
To understand cyber-attacks, it’s a good idea to familiarise yourself with some recent cyber-attacks.
U.S. Customs and Border Protection/Perceptics cyber-attack. The U.S. Customs and Border Protection (CBP) confirmed in June 2019 that the licence plates and photographs of faces had been compromised through a cyber-attacked on the company network of federal subcontractor Perceptics. Approximately 100,000 people had their information stolen at just one of the land border entry ports.
The Weather Channel ransomware. In April 2019, the Weather Channel was interrupted by a malicious software attack. It was due to go live at 6 am, fortunately, it was back on the air within a couple of hours, but only because of the channels excellent cyber-crime preparations, they had a back-up system that was ready to launch.
Breach in Capital One. The cloud-based data storage server for the financial corporation Capital One was hacked in July 2019. Criminals gained access to the personal information of small business customers who had applied for a credit card. This affected approximately 100 million people in America and a further 6 million in Canada.
Texas ransomware. The local government of Texas, including 23 towns and small cities, was the victim of a coordinated ransomware attack which targeted small municipalities. The hacker incapacitated services such as payment processing and demanded a ransom.
Citrix breach. In March 2019, Citrix, a software company, was contacted by the FBI who informed them that hackers had gained access to sensitive data using a variety of techniques such as ‘password spraying’. They accessed emails, business documents and files.
Preventing cyber-attacks
Any business, regardless of size, should have cybersecurity in place in order to safeguard their business, this is also true for small businesses. Here are some ways that you can improve your cyber-security, prevent cyber-attacks and protect your business:
- Antivirus software. Install antivirus and antispyware protection on your computers and make sure these are regularly updated. Also, keep your operating system software and applications fully up-to-date. Use a password-protected wi-fi and use firewalls to protect users as they browse the internet.
- Cyber-Security Training. Train your staff in cybersecurity. Use Hiscox Cyber Clear Academy, which includes training modules for staff. This will teach them to do things like not open suspicious-looking emails or files, locking their computers when they leave their desk, and regularly changing their passwords.
- Control access to computers. Have full control over who can access your computers by providing each employee with a user account and password, allow access to sensitive data to only those that need it, and limit downloads of software.
Reporting cyber-crimes
Cyber-attacks on small businesses are not uncommon, which is why you need to understand what you need to do if you fall victim to one. In the UK, all cyber-crime cases should be immediately reported to Action Fraud. They will then provide you with a police crime reference number and will inform the National Fraud Intelligence Bureau.
If you have lost financially as a result of the cyber-crime, you should contact your bank as soon as possible to ask them to launch a fraud investigation, they will then take measures to protect your account. You should also contact your insurance if you’re covered for cyber-crime so that they can assist with the investigations and with your banking.
In instances where data has been stolen from your company, you should report it to the ICO as this could be a breach of GDPR. Do this within 72 hours, this will minimise any penalties that the ICO might impose on your company.
Small business should take cyber-crime as seriously as large companies. As a small business owner, you have to take measures to protect yourself against cyber-crime, otherwise, this could lead to serious consequences for your company. Prioritise data security procedures, install suitable antivirus and antispyware and keep these updated, and consider adding cyber-crime insurance to your small business insurance policy. Insurance will help you to recover your losses, helping with the costs of recovering lost data and repairing systems and providing legal defence and reputation management.
