A surprising one in five British businesses was hit by a cyber-attack in 2016, according to a report by the British Chambers of Commerce (BCC). However, the survey of nearly 1,300 companies showed that only 24% of those businesses had security measures in place to protect themselves from hacking, despite the increased threat.
Large businesses – those with 100 or more staff – were most at risk, with nearly half having been targeted in attacks that demanded money, stole sensitive information or disrupted productivity.
And the issue doesn’t seem to be getting any better. Cyber-crime, a major component of corporate fraud, is projected to cost businesses more than $1 trillion a year by 2019.
As the world becomes more dependent on online business and data shared over the web, it’s increasingly important for companies to manage the risk.
Several recent high-profile cases have highlighted the dangers of inadequate security – including the infiltration of Yahoo customers’ information and, most recently, an attack that left dozens of NHS trusts unable to access crucial patient records.
Yet many companies lack even simple cyber security and run obsolete operating systems, which leaves their data defenceless. Adam Marshall, director-general of the BCC, urges firms to treat cyber-attacks more seriously, saying:
“Firms need to be proactive about protecting themselves from cyber-attacks. Accreditations can help businesses assess their own IT infrastructure, defend against cyber-security breaches and mitigate the damage caused by an attack. It can also increase confidence among the businesses and clients who they engage with online.”
Research shows that businesses are less equipped than banks and financial institutions to resolve the damage caused by cyber-attacks, with 63% of those affected seeking external support from IT consultancies.
With cyber-crime constantly evolving, the BCC warns that there isn’t enough information available to companies to help them understand both the risks of cyber-crime and the steps needed once an attack has occurred. Marshall says:
“More guidance from government and police about where and how to report attacks would provide businesses with a clear path to follow in the event of a cyber-security breach, and increase clarity around the response options available to victims, which would help minimise the occurrence of cyber-crime.”
However, action is being taken to encourage better cyber-crime prevention. TalkTalk was accused of having a lacklustre attitude towards its security when almost 157,000 of its customers’ personal details were accessed through hacking in 2015. The breach included over 15,500 cases where bank account details were stolen.
As a result, the company was fined a record £400,000 for the failings, which were described as a “car crash” by former information commissioner Christopher Graham, as the company had failed to take basic steps to protect information.
According to Marshall, firms are likely to face stricter regulations next year as the issue moves up the agenda:
“Firms need to be mindful of the extension to data protection regulation coming into force next year, which will increase their responsibilities and requirements to protect personal data. Firms that don’t adopt the appropriate protections leave themselves open to tough penalties.”