Cyber Security Report Reveals Risks for Businesses
Cybercrime is a constant threat for businesses and can take many forms, from spam emails to compromised business networks and infected mobile phone apps. In the last year, there have been successful cyber-attacks on British Airways, the Marriott Hotel Group and Facebook, to name just a few. Our Operations Director, Andy Jenkins, takes a look at the recently published Symantec Internet Security Report which has revealed a number of interesting figures around cyber security for companies.
“Cybercrime continues to be a major concern for businesses and shows no signs of abating. The MORI Cyber Security Breaches Survey found that four in ten businesses and a fifth of charities had experienced a cyber-attack. The impact of such an attack on an organisation is far reaching - from business interruption and fines to loss of customer data and a company’s reputation. Cyber breaches are potentially extremely expensive, particularly since the introduction of GDPR which gives companies 72 hours to report a cyber-attack and the added potential of facing a large fine. It is predicted that companies globally could incur £4.1 trillion in additional costs and lost revenue over the next five years due to cyber-attacks. The cost of responding to cyber breaches can be so high due to the number of professional teams involved in managing the response, from legal and IT forensics teams to customer gestures and business interruption costs.
According to the Symantec Internet Security Report, which shares the latest insights into cybercrime trends, small organisations were more likely to be hit by email threats including spam, phishing and email malware than large organisations in 2018. An example of an email threat would be an email that looks like an invoice or receipt with an attached file containing malicious script that downloads when the attachment is opened. The number of malicious email attachments sent as Office files rose to 48 per cent last year, an increase of five per cent since 2017. Spam levels also continued to increase with 55 per cent of emails received being categorised as spam.
The report showed that overall ransomware – a type of malicious software – was down by 20 per cent in 2018, however enterprise ransomware was up by 12 per cent. The main distribution method of ransomware in 2018 was email-based attacks, which explains why businesses tend to be affected more because email is the most common type of communication for organisations. Poorly secured cloud databases and mobile device security also continued to be areas of vulnerability for businesses. During 2018, one in 36 devices used for business were classed as having high risk apps installed and mobile ransomware infections increased by 33 per cent from 2017.
When thinking about corporate cyber security, companies should educate their employees about taking responsibility for the security of their own data. Human error is the cause of one in five breaches and more than a quarter of cyber-attacks involve insiders, according to the Verizons 2018 Data Breach Investigations Report. Many employers give their staff mobile devices with little or no plan in place as to what the individual could download. One of the most important thing is encouraging employees to think about their personal data responsibility and then applying this culture to the devices they use in their professional lives.
It is clear that cybercrime remains a significant concern for business owners and cyber security policies are an essential need. Our cyber team can cut through all the noise surrounding the issue and simply point out what cover you need for your business and why. We can highlight emerging risks and construct policies that can evolve with those risks. Policies can also offer protection for directors and the business, allowing the running of the business to continue, and we can build in additional support from selected insurers and other specialist firms, which offer forensic services, remediation support, legal and PR advice to deal with any cyber issues. One of the greatest benefits of a bespoke cyber policy is that it can come with access to a 24/7 breach response team, to help contain and deal with the immediate fallout from an attack.”
If you have any concerns about the security of your computer systems and how to make sure you are covered in the event of a cyber breach, get in touch. We'll be happy to help.