The Small Business Guide to Cyber Attacks

Hiscox banner shape mask mobile Hiscox banner shape


In today’s increasingly connected world, it’s more important than ever to the be aware of the potential risks your business could face online and how cybercrime affects businesses. A cyber-attack has the potential to be financially and reputationally devastating for a small business if you do not have the appropriate precautions in place.

As every business knows, reputation and customer trusts takes years to build. Yet, this can be destroyed in as quickly as minutes if the business is targeted by a cyber-attack. Even multi-million-pound organisations have been left wondering how someone could break in through their cyber back door to steal their data at lightning speed. Sometimes it only takes a click.

One way to define cyber-attack is as a criminal activity where a computer system, network or application is attacked or hacked, with the aim of stealing, destroying or holding data ransom.

Cybercrime in business poses an ongoing threat, and it’s worth having an understanding of what a cyber attack would look like, what you can do to safeguard your business and how to take action if you fall victim to a cyber-attack.

What are the cyber statistics in the UK?

To gauge the threat that cyber-attacks pose a business, here’s a look at the rate of cyber crime in the UK and how many cyber-attacks per day.

2018 study by Hiscox found that small businesses are targeted by an estimated 65,000 attempted cyber-attacks every day. Furthermore, one in three UK small businesses suffered a cyber breach last year.

Additional research by the Office of National Statistics (ONS) looking at cybercrime statistics in 2018 [1] found that in the year ending in March 2018, an estimated 4.5 million cybercrimes were committed in England and Wales, including personal and business-related incidents.


What are the costs of cyber-attacks?

Breaches of cyber security cost the average small business £25,700 last year, including costs such as ransom payments and hardware replacements. On top of this, there were indirect financial factors, such as managing damage to reputation and the cost of losing customers.


What are some real examples of cybercrime?

Cybercrime can affect businesses of all sizes and industries. Some examples of cybercrimes that a business might fall victim to are the theft of customers’ bank details or personal records, including their names, addresses and passwords. Ransomware is a form of malware that is increasingly used to hold a business’ data ransom in return for money.

British Airways are one of the latest businesses to have hit the headlines after admitting they had suffered a major security breach in August 2018 [2]. Hackers spent two weeks inside the BA systems, during which they took the personal and financial details of customers who made or changed bookings on the BA website and app during that time.

The Student Loans Company also reported earlier this year that they sustained nearly one million cyber-attacks in the last financial year. This included one successful 'cryptojacking' malware attack, which fortunately didn’t compromise any customer data.

The infographic highlights some more real-life examples of cybercrime and high-profile data breaches, from the likes of big brands such as eBay, Morrisons and Sony.

See our other FAQ guides for more information on cyber liability and the crime’s it protects.


How to prevent cyber attacks

Fortunately, there are some simple ways that your business can improve your cyber security and protect yourself from cyber-attacks.

Cyber Security Training
These include providing your staff with training in cyber security principles, such as locking their computers when they’re not at their desk, regularly changing their passwords and not opening suspicious files or links.

Control Data Access
It’s essential to control access to your computers and network by providing employees with their own password-protected user accounts and limiting authority to download software and access sensitive data.

Antivirus Software
Further to this, you can protect your computer systems by installing and regularly updating antivirus and antispyware software, using firewalls for your internet connection, securing WiFi networks with passwords, and keeping software for your operating systems and applications updated.

Hiscox Video shape

Hiscox CyberLive Campaign

In a media first, we use real-time cyber attacks in our latest advertising campaign - Cyber Live

Where to report cyber crime

In the case that your business falls victim to a cyber attack, it’s important that you know the correct process for dealing with cybercrime.

All cases of cybercrime should be reported to Action Fraud (external link), who will then inform the National Fraud Intelligence Bureau and provide a police crime reference number.

If your business has suffered a financial loss, get in touch with your bank at the earliest possible time, in order to protect your accounts and start a fraud investigation. Also, if you have cyber insurance for your business, it’s worth getting in touch quickly to make them aware of the situation, so that they can step in to assist swiftly.

Incidents where data is compromised or stolen may breach GDPR, so it must be reported to the ICO within 72 hours in order to minimise possible penalties.

Cyber security is as important for small businesses as it is for large corporations. To avoid falling victim to cybercrime and the consequences that come with it, make it a priority to enforce data security procedures and to install adequate antivirus and antispyware software.

It’s also worth considering having cyber insurance as part of your small business insurance, which can help to cover the costs of data recovery, system repairs, reputation management and legal defence if your business was targeted by a cyber-attack.

[1] (external link)

[2] (external link)

Find out more information about specific cyber attacks

Related guides & FAQs

What is a phishing attack?

Read full article

What is ransomware?

Read full article

What is Cyber Insurance?

Read full article