The Small Business Guide to Cyber Attacks

In today’s increasingly digital world, it’s more important than ever to be aware of the risks your small business could face online. Cybercrime can impact businesses in several ways, and a cyber-attack has the potential to cause financial and reputational damage to a small business or sole trader. 

As businesses of all sizes know, building a great reputation and earning customer trust takes years of hard work. Without the appropriate precautions in place, this can be destroyed in minutes if the business is targeted by a cyber-attack. 

Such events are not reserved for multi-million-pound organisations – cyber-attacks on small businesses can also prove costly. These attacks can be performed at lightning speed – sometimes all it takes is the simple click of a link – but the effects can be wide-reaching. Learn what a cyber-attack is, how to prevent one and how to keep your small business protected.


What is a cyber-attack?

A cyber-attack is a criminal activity where a computer system, network or application is attacked or hacked with the aim of stealing, destroying or holding data to ransom. 

Cybercrime poses an ongoing threat to small businesses. Therefore, it’s important to understand what a cyber-attack is, what one looks like, the measures you can take to safeguard your business and how to act if you fall victim to any form of cybercrime.


What are the cyber statistics in the UK?

To understand the threat of cyber-attacks on small businesses, here's a look at some vital statistics on cybercrime against small firms and UK businesses.

A 2019 study by Hiscox shows cybercrime is on the rise. More than half (55%) of UK firms reported an attempted cyber-attack in 2019, a 15% rise from 2018. Small businesses are becoming increasingly at risk, too – the report highlights a 14% increase from the previous year in firms reporting cyber-attack incidents. 

The results of a GOV.UK survey released in March 2020 confirm cyber security breaches are becoming more frequent. It found 46% of UK businesses and charities reported a cyber-attack during the year. Of those, 33% claimed they experienced a cyber breach in 2020 at least once a week – up from 22% in 2017.

The average (mean) cost of a cyber security breach for a small business in 2019 was £11,000. This figure includes costs such as ransom payments, hardware replacements and indirect factors such as business interruption.

The Hiscox Cyber Readiness Report is updated every year with the most up-to-date statistics.


Types of cybercrime

Phishing attack

Hackers use phishing to get victims to part with personal data. This usually comes via a link presented in an email, SMS or instant message. Discover more about phishing attacks with our FAQs. 

SQL injection

An SQL injection happens when a cyber-criminal embeds harmful code into a webpage or application to access data. Read through our SQL injection FAQs and learn how to prevent one of these cyber-attacks.


Malware

Malware is malicious software designed to cause harm to a targeted computer or server. Viruses and worms are malware, as is ransomware, which is often launched as part of a phishing attack.

Denial-of-Service attacks

A denial-of-service cyber-attack is performed by hackers to halt the operation of an online service and might be carried out by inundating a system with requests or traffic, rendering it unusable.

Man-in-the-Middle attacks

During a man-in-the-middle cyber-attack, a cyber-criminal will intercept conversations, transactions and the transfer of data between the victim and a service they’re trying to use.


Examples of recent cyber-attacks

Reading about real-life cyber-attacks can help you to understand what a cyber-attack is, the potential impact, and how to prevent anything happening to your small business.

Capital One breach

In July 2019, financial corporation Capital One found a cloud-based data storage server had been hacked. This gave criminals access to personal information from small business customers who had applied for a credit card with the company. It’s thought that approximately 100 million people in the USA and six million in Canada were affected.

The Weather Channel ransomware

The Weather Channel was targeted by a ransomware attack in April 2019. The television service was impacted by a ‘malicious software attack’ as it was due to go live at 6am, but was back on air within two hours. This turnaround is testament to the service’s cybercrime preparations – they had a backup system ready to launch.

U.S. Customs and Border Protection/Perceptics cyber-attack

In June 2019, it was confirmed by the U.S. Customs and Border Protection (CBP) that photographs of faces and license plates had been compromised. This was a cyber-attack on the company network of federal subcontractor Perceptics. It’s thought that around 100,000 individuals had their images stolen at one land border entry port.

Citrix breach

Software company Citrix was contacted by the FBI in March 2019 with news that hackers had potentially gained access to large quantities of sensitive data. It’s believed that a cyber-criminal group used a combination of techniques, including ‘password spraying’, to access emails, files and business documents.

Texas ransomware attacks

In August 2019, it was revealed that organisations connected to the local government of 23 towns and small cities in Texas were struck by a co-ordinated ransomware attack. The hacker targeted small municipalities, demanding a ransom and making services such as payment processing impossible.


How to prevent cyber-attacks

By putting the right processes in place, you can safeguard your small business. Fortunately, there are some simple ways to improve your cyber security, stay protected and prevent cyber-attacks:

Cyber security training

Provide your staff with training in cyber security principles, such as locking their computers when they’re not at their desks, regularly changing their passwords and not opening suspicious files or links. Access to the Hiscox Cyber Clear Academy is included with Hiscox cyber and data insurance policies and provides a suite of cyber security training modules for your staff.

Control access to data

Control access to your computers and network by providing employees with their own password-protected user accounts and limiting authority to download software and access sensitive data.

Antivirus software

Install and regularly update antivirus and antispyware software, use firewalls for your internet connection, secure Wi-Fi networks with passwords, and keep the software for your operating systems and applications updated.


How to report a cybercrime

Unfortunately, cyber-attacks on small businesses are a common occurrence. In the event you fall victim to a breach, it’s important to know the correct process for dealing with cybercrime.

All cases of cybercrime in the UK should be reported to Action Fraud, which will then inform the National Fraud Intelligence Bureau and provide a police crime reference number.

If your business has suffered a financial loss, get in touch with your bank at the earliest possible time to protect your accounts and launch a fraud investigation. If you have cyber insurance for your business, it’s worth getting in touch quickly, so your insurer can step in to assist.

Incidents where data is compromised or stolen could breach GDPR, so these must be reported to the ICO within 72 hours to minimise possible penalties.

Cyber security is as important for small businesses as it is for large corporations. To avoid falling victim to cybercrime and the resulting consequences, make it a priority to enforce data security procedures and install adequate antivirus and antispyware software.

It could also be worth adding cyber insurance to your small business insurance policy. This cover may help with the cost of data recovery, system repairs, reputation management and legal defence if your business is targeted by a cyber-attack. 


Our FAQ pages provide general information and background around the topic covered. FAQ pages are reviewed and monitored periodically by our insurance experts. But the content is not intended to be read as advice and any material is for general information purposes only. If you would like advice for any content, please seek professional assistance.