Protecting your businesses from cybercrime, data loss and financial loss
This year some very well-known companies have had the rug very publicly pulled from under them thanks to cybercrime. So we have to look at and keep reviewing the issue… if it can happen to large corporates with big budgets, just how vulnerable are SMEs?
Andy Jenkins, Operations Director, is warning businesses that 2016 could bring more cybercrime misery, regardless of size or sector. He takes a look at how businesses are unwittingly exposing themselves to security breaches. He also advises how businesses should address these issues to minimise commercial damage and advises them not to bury their heads in the sand.
When a major cybercrime hits the news we all tend to sit up and listen, and then carry on our daily business. With Black Friday and Manic Monday kick-starting the festive shopping frenzy cybercrime will remain a hot business topic.
However, the reality is that many businesses still do not consider cybercrime to be a major issue. It simply isn’t a boardroom priority for them and, as such, these companies are doing little to minimise the risk associated with security breaches.
But the overall cost to the UK economy is huge. The Centre for Economics and Business Research recently put a price tag of £34bn, of which £18bn is the cost to business in lost revenues.
Of course, it’s the large businesses that get scrutinised publicly when they fall victim to cybercrime. But given SMEs are the backbone of the UK’s entrepreneurial economy, it’s important to put SME cybercrime under the spotlight.
The Information Security Breaches Survey 2015 (ISBS 2015) found 90 per cent of large organisations suffered a security breach in the last year. Seventy four per cent of small businesses suffered a breach – that’s an increase of nearly 25 per cent on the previous year. Drilling down from these figures, the survey cites the average cost of a security breach to a large organisation is £1.46m- £3.14m, and around an average of £75,000 to £311,000 for a small business.
If, as a group, they fall prey to online criminals then the legal liabilities and financial loss to UK Ltd will be felt within the whole economy. And, I am not just talking about financial losses. Due to their size a major cybercrime incident could be a nail in the coffin and enough to send them under.
Many of the publicised cybercrimes to hit business appear to be from malicious outsiders intent on causing trouble. Worryingly, however, the ISBS 2015 found staff related security breaches were also common; it was the cause of over 30 per cent of cases among small businesses and 75 per cent in large organisations.
This is cause for alarm since the survey also cites that 63 per cent of small businesses and 72 per cent of large organisations provide ongoing security awareness training to staff. It highlights a disconnect between the two which is a major issue for businesses to address.
But it’s not just weaknesses within an organisation that can expose a business to cybercrime. It can also be caused by an external threat within a company’s supply chain. How many businesses can confidently say, without doubt or reservation, they can protect their customers’ confidential data?
Given many SMEs feed into the supply chains of larger organisations, having the right protection in place is paramount. According to business advisory firm KPMG, SMEs risk being disqualified from procurement bids if they do not take the security of their clients’ data seriously. It highlighted over 85 per cent of those procurement managers surveyed would consider removing an SME supplier if they were hacked, and nearly 95 per cent ‘confirmed that cyber security standards are important when awarding contracts to SME suppliers’.
For Talk Talk, its recent security breach could cost the company over £30 million. Luckily for them, having the ability to underwrite that cost means the business will still carry on trading. But the theft of financial data, money transfers, customer payment details, card numbers, and bank accounts hits SMEs hardest. More than half of fraud and cybercrime victims suffer financial loss. Of that number 78 per cent received financial compensation and 62 per cent were fully reimbursed (figures from the Office of National Statistics, October 2015).
It isn’t uncommon for businesses to think they have the right insurance cover. However, it can actually be that a policy will not adequately cover against cybercrime. We are here to outline these issues and make sure none of our customers become unstuck. If you want to discuss in confidence about cyber security at your business please don’t hesitate to contact us. The adage ‘prevention is better than cure’ certainly applies to mitigating the risks of cybercrime and insuring your business to minimise the damage caused.
Call 0115 947 0032 to speak to one of our specialist professionals.