This week, the government announced new measures to beef up policing against cyber crime, including a new emergency response unit to advise victims of hacking attacks. The plans marked the first anniversary of the UK’s cyber security strategy and the government stated that, while progress is being made, cyber attacks are a growing threat to businesses.
Organised crime gangs have recognised there are potentially rich pickings on offer by stealing people’s personal data from firms’ websites and trading them on the “dark web” – the online underworld.
In his statement to Parliament, Cabinet Office Minister Francis Maude quoted a startling figure from a recent PwC study, which stated that 93% of large corporations and 76% of small businesses have experienced a cyber security breach in the past year. If true, those are very scary statistics. What’s worse, many of those companies may be completely unaware they’ve suffered an attack.
Earlier this week, I got a sense myself of how widespread cybercrime may be. I had a meeting with an online security firm, who quickly discovered that the passwords of customers of two firms I’m familiar with have been stolen. One person’s password had been used to try to hack into their bank account.
That really brought home to me how a hacker attack could happen to any company. These firms aren’t big names, nor are they what I would have considered to be prime targets for hackers.
I’ve blogged before with some simple tips to protect your business against cyber attacks. I’ve also mentioned in a previous blog the website of the Information Commissioner’s Office, which has a brief, informative guide to small businesses’ obligations under the Data Protection Act and a checklist to help SMEs comply with the law.
If you’re worried then get advice from professionals. If your IT services are hosted by a third-party provider then it’s important to quiz them on the strength of their own security and what measures they have in place to protect your clients’ data.
If you run your own systems, there are plenty of IT security firms that would perform checks on them – including scans to see if any malware has been downloaded on them – and advise you on how to beef up your defences, if necessary.
More firms are becoming aware of the threat of cyber crime. They are also waking up to their responsibility for the safe keeping of their clients’ data, but they may not be sure what the precise implications of this obligation are. There are cyber insurance policies available that can provide victims with expert help and guidance.
They also offer protection against the financial effects of an attack, which can be harmful: the PwC study says the average cost for a small firm of a cyber security breach is estimated to be between £15,000 and £30,000.
Good insurers will routinely cover the cost of a forensic examination of a firm’s systems to find out exactly what has occurred, as well as reimbursing the expenses incurred in notifying clients that their data has been stolen.
The blow to a company’s reputation from a cyber attack can be devastating. Insurance can help to protect that reputation, by paying for communications support to help you reassure your customers and keep them informed. Online firms can also buy business interruption cover to compensate for earnings lost as a result of a hacker attack.