The Hiscox Cyber Readiness Report 2019 was released earlier this week. The report, which uses business information across seven countries, highlights a marked increase in threats to small and medium-sized businesses.
Unsurprisingly, reports of cyber attacks have increased for UK firms in 2019 – jumping from 40% to an alarming 55% over the past twelve months.
A key contributor to these statistics is a complacency when it comes to cyber security – if you think that your business won’t be targeted by cyber criminals, then you’re greatly mistaken.
You cannot afford to make that wager – the financial implications of being unprepared for and suffering a cyber attack are too great.
Fail to prepare, then prepare to fail
One of the concerning statistics to emerge from the report is that 72% of UK firms are considered novices in their IT security. Cyber criminals are not novices and they will prey upon those who are. If your cyber security is not up to scratch, your business is a ripe target for a cyber attack.
However, businesses have moved to appoint heads of cyber security. Those without a dedicated expert have fallen to 20% from a previous 33% in 2018.
This raises the following question:
If more businesses have employed a cyber security expert, then why are firms predominantly made up of cyber security novices?
There are two explanations for this:
- The expertise is not filtering down to employees through IT awareness training; or
- Cyber criminals have gotten smarter and their methods more sophisticated.
With nearly three quarters of businesses in the report vulnerable to a cyber attack, and the amount of cyber attacks increasing, it is crucial that your business addresses the two above deficiencies with an IT strategy review.
Increasing Cyber Threat Landscape
Since 2018, the amount of reported cyber attacks have risen from 45% to 61%. This is a worrying but unsurprising trend.
Firms reporting four or more cyber attacks in a year have risen to 30%, up from 20% in 2018. This is excessive, but it can be remedied with a proper IT security strategy in place that accounts for every attack vector. This includes endpoint security, network security, BCDR, and more.
“…where hackers formerly focused mainly on larger companies, small-and-medium-sized firms are now equally vulnerable.”
Cyber CEO, Hiscox
Meanwhile, attacks on small and medium-sized businesses have risen to 59%. This demonstrates that large companies are no longer the sole victims – if a cyber criminal can breach your business, they will, regardless of its size.
Hackers are opportunists and often choose the path of least resistance, so our recommendation is to prepare your business for a cyber attack, regardless of the perceived likelihood.
Create a Strong Password
A strong or weak password can often be the difference between a breach and a secure business. It’s no coincidence that the findings published by Hiscox were released in the same week that the NCSC (National Cyber Security Centre) reported clear gaps in password knowledge.
For example, the password ‘123456’ was found to be the most widely used password in breached accounts, used a staggering 23.2 million times.
Other popular, yet predictable passwords include: ‘password’, ‘qwerty’, first names, favourite football teams, and favourite musicians.
If you want to stay protected from a cyber attack it’s simple. Don’t use something personal or that can be guessed easily.
Instead, use a password manager in conjunction with a password generator tool to secure your accounts effectively.
Financial Impact of Cyber Attacks
The financial impact to your business from a cyber attack can be devasting. In the last 12 months, the mean cost of all UK cyber security incidents has risen from £177,000 to £285,000 – an increase of around 61%. Sustained cyber attacks over a 12 month period would therefore be terminal for your business.
Over the last year, only 5 of the 15 sectors cited in the Hiscox report have seen a reduction in the average cost of all cyber crime incidents.
Arguably one of the most staggering statistics from the report is that the mean cost of the largest single incident has risen from £26,000 to £155,000 in the last year. Such a dramatic increase not only emphasises the burgeoning industry of cyber crime, but that businesses need to do more.
Not only must you have all of the necessary cyber security solutions in place, but your staff must possess IT awareness training.
The cost and damages associated with a cyber attack leave no doubt that prevention is better than cure. Simply being aware of the threat of cyber crime is no longer sufficient – you must take measures to protect your staff, business, and supply chain.
The report confirms that most businesses are still not cyber ready. Neuways recommends investment in an IT consultancy and an IT strategy review. These are great places to start because they will assess your business’s cyber readiness and put in place a cyber security roadmap for future-proof protection.