Cyber Attacks Targeting SMEs on the Rise
In 2015, cyber crime became the most common criminal offence in the United Kingdom, with about 8 million cases. Despite these findings, 44 per cent of UK business do not believe that they will be a target of a cyber attack, according to industry research, and 71 per cent of cyber attacks are aimed at businesses with fewer than 100 employees. The reason is simple—generally, SMEs think they are too small to be valuable to hackers and thus do not invest in cyber security or cyber awareness training.
The average cost to an SME for a security breach is between £75,000 and £311,000 according to government research. However, that does not include related costs such as rebuilding a destroyed reputation. And, when the EU’s new GDPR comes into force in 2018, it could require companies to pay about £16 million or 4 per cent of their annual turnover for customer data breaches, whichever is greater.
The good news is that nearly 80 per cent of breaches can be stopped by implementing basic cyber security, according to industry experts. Here are the five most common and dangerous cyber threats to SMEs:
- Ransomware: A piece of malicious software that encrypts all of the data on a company’s network and that can only be decrypted after paying cyber criminals a ransom—generally between £500 and £1,000.
- Hacking: A cyber criminal will exploit an unpatched vulnerability within a company’s security software to access its data. Generally, the criminals are interested in personally identifiable information (PII) on a company’s customers—especially credit card information.
- Denial-of-service attack: A company’s website is maliciously overwhelmed by a high volume of data pushed to its servers, which temporarily or indefinitely interrupts services.
- Human error: Information lost or distributed to the wrong person (accounted for 50 per cent of the worst breaches last year).
- CEO fraud: A cyber criminal poses as a senior person within a company, either by hacking or ‘spoofing’ an email account, and convinces someone with financial authority to transfer money.
Understanding these risks is the first step to cyber security. The second is contacting CIEEM Insurance Services for helpful guidance on cyber security and to discuss cyber security insurance.
Consumer Reaction to Corporate Cyber Attacks