With the global cost of cybercrime predicted to exceed £4 trillion in 2021,1 and the UK alone experiencing a 31% rise in cases during 2020,2 there has never been a better time for businesses to look again at cyber security.
Seeking to combat this risk, UK businesses have increased their spend on cyber security by 63% in the last 12 months3 – perhaps prompted by a 15-fold rise in cybercrime pandemic.4 However, while the average business now spends 21% of its IT budget on cyber security,3 recent government figures suggest fewer businesses are putting in place the recommended cyber security measures,5 which perhaps reveals a lack of understanding as to what cyber security actually is.
To truly understand cyber security, it is important to first understand cyber risk – the business cyber security threats that can lead to business disruption, loss of data, action from regulators like the Information Commissioners Office in the UK, and ultimately financial and reputational damage.
Cyber security threats in 2021
The cyber risks facing businesses do not stand still, because hackers are constantly working to find more sophisticated ways to evade business cyber security measures.6 That is why having a clear view of the lasts threats that could impact a business is so important – without that knowledge, how can any business hope to defend against them?
The truth is that the cyber security risks facing businesses of all shapes and sizes are many and varied, but the top cyber risks in 2021 are:7
- Phishing: Phishing is a type of social engineering attack in which cyber criminals trick employees into handing over sensitive information or installing malware, usually via email8 but increasingly via platforms like Zoom.
- Remote working attacks: The rise of remote working in 2020 may have helped firms to continue operating during COVID-19 lockdowns, but it also opened up new possibilities for cybercriminals. They have targeted weak passwords on remote access solutions like virtual private networks (VPN) as well as less secure computers used by home workers to access business systems.
- Cloud computing attacks: The pandemic also drove an explosion in the use of cloud-based IT systems and tools, but rapid adoption left holes in cloud cyber security which cybercriminals were quick to exploit.
- Ransomware: It is believed that ransomware claims a new victim every ten seconds worldwide on average, and in 2020 the cost of those attacks rose by 75% to around $20 billion in 2020.
- Mobile phone attacks: In recent research, almost half (46%) of companies reported that at least one employee had installed a malicious application on a mobile used for work – potentially giving hackers access to business networks and data.
On top of all that, cyberattacks against businesses are becoming more common. In 2020, 43% of businesses suffered a cyberattack, often multiple attacks, up from 38% the previous year3 – and, while the average cost of a cyberattack was £8,460,9 the true costs can vary widely. In fact, around one in six of the firms affected said the incident threatened the survival of the business.
What is cyber security all about?
Given the range of cyber security threats facing businesses, and the potential consequences when things go wrong, defending against these threats is clearly very important – and that is where cyber security comes in.
In essence, cyber security is a body of technologies, processes, policies and practices designed to protect business computer networks, devices, software and data from attack, damage, or unauthorised access.10
Detailed guidance on cyber security is available from the National Cyber Security Centre, but alongside that, it is worth arming yourself with some key information - by asking some searching questions of your IT team.
Cyber security questions to ask your IT team
These days, it is crucial that business leaders are informed about and involved in cyber security – not just the IT experts. With that in mind, here are some of the key questions to ask your IT department as part of cyber security planning:11
- What are the top cyber security risks facing our organisation?
- Are we testing our systems before there’s a problem?
- Are we conducting comprehensive and regular cyber security risk assessments?
- Do we have an effective information security awareness programme for all employees?
- If we suffer a data breach, what is our response plan?
- Are we complying with leading information security standards such as Cyber Essentials?
- Do we have the right tools in place to detect a cyberattack quickly?
- Are supplier and supply chain risks part of our risk assessments?
- When was the last time we tested our cyber incident response plan?
Common cyber security mistakes
Alongside the insight you will gain from those questions, it is also crucial to understanding and avoid some of the cyber security mistakes that can undo efforts to defend against cyberattacks. Four common mistakes are:12
- Assuming that your business will not be a target: Every company is vulnerable to cyberattack, so engage with the issue and defend against the hackers.
- Underestimating the cost of cyberattacks: As noted above, one in six firms affected by a cyberattack in 2020 reported that the incident had been a threat to business survival.
- Failing to update security software: Security software is constantly updated to ensure it can deal with new, known threats, so failing to install patches and updates is akin to leaving the door open to hackers.
- Not educating employees about security: According to some experts, as many as 95% of cyber security breaches are caused by human error so – remembering that security is only as strong as its weakest link – ensuring that employees are aware of the risks is crucial to cyber security.
Consider cyber insurance
Clearly, despite all your best efforts to secure your business against cyber criminals, no organisation that is connected to the internet can be 100% safe - new attack types and human error will always leave an element of vulnerability.
That is where cyber insurance can help - stepping in to help deal with the impact of a cyberattack by covering costs and liabilities around data security, viruses, hacking, system damage, business interruption, threats and extortion.
In a world where cyber security risks are ever present and the cost of a cyberattack can be devastating, it just might be a crucial last line of defence.