UK businesses face a high risk of cyberattacks with many under-prepared for breaches, according to recent research by Hiscox, an insurer. Common cyber security issues include:
1. Phishing: frequently carried out by criminals through email and instant messaging, tricking users into giving out personal information such as bank account numbers, credit card details and passwords.
2. Malware: this is malicious software such as viruses, spyware and Trojan horses that infiltrate and harm computers without users' consent. Attacks are typically carried out when a user downloads and opens an apparently legitimate file.
3. Ransomware: this is a subset of malware. The victim is threatened with the publication of their private data or, alternatively, with being perpetually blocked from accessing it unless a ransom is paid. Advanced ransomware encrypts the victim's files, making them unusable, before a ransom is demanded in exchange for the necessary decryption.
Hiscox reported that 55% of firms had been subjected to an attack in 2019. 75% of those attacked were described as novices in their readiness for a cyber security breach. Whilst average losses from these breaches increased from $229,000 in 2018 to $369,000 in 2019, British firms had the lowest security spend, with an average budget of $900,000 compared to $1.46m across the surveyed group of 5,400 small, medium and large businesses from Europe and the US.
Separately, in their 2019 Global Threat Intelligence Report, US firm NTT Security identified the technology sector as being hit with 47% of all cyberattacks in the UK in the last 12 months, with manufacturing in 2nd place with 20%, and finance in 3rd spot with 13%.
One consequence of the EU General Data Protection Regulation (GDPR) is that the threat of cybercrime could be amplified further. Regulators' ability to impose fines puts a monetary value on data, which gives cybercriminals significant leverage in ransomware attacks where the ransom itself may be less than the potential fine. Under EU laws, businesses can be hit with fines of up to €20m or 4% of global annual turnover if GDPR is breached.
Companies can judge areas of risk in how they handle data through a business-wide review of their processes, assessing how to mitigate those risks and developing appropriate controls, whilst in some cases deciding whether data should be shared at all. With ever-present threats from rogue states and organised criminals, it is vital that businesses build appropriate defences to safeguard their operations, so that they can effectively protect their clients' data privacy in 2019.
New regulation has also prompted action, with eight in ten UK firms saying they had made changes since the introduction of tough new EU data protection rules last year.