By Saif Ullah, Researcher in the City of London Research Team
Earlier this month, the Government started this year's cyber security breaches survey. The survey annually tracks how UK businesses are approaching cyber security and the impact of cyber attacks over the past year.
Last year’s survey provided some worrying insights into the impact of cyber crime on businesses. Nearly two-thirds of large businesses (i.e. those with 250+ employees) had experienced a cyber breach or attack in the previous 12 months, with a quarter of those firms experiencing a breach at least once a month. More concerning was the relative impact on firms that experienced a successful cyber breach: the average cost of a breach to a large business was £36,500, while the costliest breach identified in the survey amounted to £3 million.
Indications are that cyber threats to companies are increasing rather than decreasing. PwC’s Information Security Breaches survey found a growing number of small and large organisations had experienced a security breach in 2015: 90% of large firms were hit by a cyber attack compared to 81% the previous year, while 74% of small businesses experienced a cyber breach, up from 60% a year earlier. Similarly, the cost of breaches to firms is on the rise, to between £1.46m and £3.14m for large companies (up from £600k - £1.15m a year earlier) and £75k - £311k for small businesses (up from £65k - £115k the previous year).
Are businesses becoming more vulnerable to cyber attacks?
Several reasons have been cited for the growing number of cyber breaches affecting businesses. One factor is the increased availability of hacking tools, making it easier for criminals to commit cyber attacks. Increased use of mobile devices by companies, such as tablets and smartphones, has resulted in firms being more susceptible to malicious software – a Norton Security Report found that people were much less concerned about installing anti-virus software on mobile platforms in contrast to their desktop computers.
Data breaches via third-party companies are also becoming a growing issue for businesses, as cyber criminals target the less sophisticated security measures of partners to gain access to a company’s systems. A high-profile attack on US company Target in 2013 saw approximately 110 million customers’ personal data stolen, after one of its suppliers – a refrigeration company – was compromised.
Another reason cited for the increased number of reported cyber attacks is that firms are becoming more transparent about incidents which they have suffered, giving the appearance of more cyber-related incidents taking place.
Most businesses are able to protect themselves sufficiently through low-cost measures, such as installing anti-virus and firewall software and keeping it up to date, using complex passwords for IT systems, computers and mobile devices, and keeping data important to the business secure. Yet cyber security remains relatively under-prioritised at boardroom level, resulting in some businesses using outdated software with increased vulnerabilities.
Additionally, employees clicking an email containing a malicious link can often be the greater threat to cyber security for a business. Companies should ensure that they regularly communicate and educate their staff about protecting their work devices from cyber threats.
The Government offers various resources that can help businesses improve their protection measures. The Cyber Essentials scheme allows SMEs and larger businesses to measure their level of protection against common cyber threats. Businesses can also attain a Cyber Essentials Badge to advertise the fact that they adhere to a government-endorsed standard.
Companies can also gain further practical advice on protection using GCHQ’s 10 Steps to Cyber Security guidance, while the Government’s Cyber Aware website is a useful portal for information on both protection and response to cyber attacks.
The City of London Police (COLP) plays a vital role in providing guidance to individuals and businesses here in the City on protection against cyber threats (COLP hosts a webpage with Get Safe Online where visitors can access information on protection measures and learn about online safety in the City). The City of London Police also hosts Action Fraud, the UK’s national fraud and cyber crime reporting centre, and provides training on cyber crime through its internationally renowned training academy.
Cyber crime presents an immense challenge to businesses all over the world, potentially resulting in millions of pounds’ worth of losses unless vulnerabilities are addressed. Ensuring cyber security remains a high business priority and protection measures are regularly updated can go a long way towards preventing future cyber attacks.