Earlier this year, the UK’s largest private forensics provider is thought to have paid a ransom to the hackers who brought its IT systems to a standstill in a sophisticated ransomware attack. Ransomware is malicious software that prevents a user from accessing their files, often until a ransom is paid to the hackers. Police halted work with the company, Eurofins, which processes more than 70,000 criminal cases for the force each year, and it took three weeks for its operations to return to normal.
This kind of sophisticated attack makes headlines – and can spread a false sense of security around the small business community. Publicity around major cyber attacks focuses on the damage to public organisations, government bodies and large businesses – but why would hackers be interested in small businesses in Manchester or Slough?
SMEs offer easier pickings
Unfortunately, the idea that small businesses are immune from cyber attack is dangerous and wrong. Larger companies may offer richer pickings, but small businesses offer easier ones. Small businesses can bring quick financial wins to criminal hackers, and a potential backdoor into the supply chains of larger businesses. Nobody is immune from cyber attack.
According to the latest Government statistics, 31% of small or micro businesses identified data breaches in the previous 12 months. In addition, a study by small business insurance specialist Hiscox revealed that one in three small businesses in the UK has fallen victim to cyber crime. This means that a UK business is successfully hacked every 19 seconds, and with the average yearly cost of cyber incidents to a small business running to £10,000 per year, it’s easy to see how devastating they can be.
GDPR regulations mean that the Information Commissioner’s Office can issue hefty fines for companies that do not properly protect customer data. Reputational damage may be more costly still. Losing customer data means losing customer trust, a consequence that many businesses struggle to recover from.
Only as secure as your weakest link
Even businesses that develop technology-based solutions may not fully understand the risk. Those developing software based on AI, for example, may face new threats that are not yet properly defined. Those working with the Internet of Things (IoT) will know that a wide network of connected products and devices is only as secure as its weakest link. It is best to assume that hackers view each new technological leap as an opportunity.
For small businesses, the increasing popularity of cloud computing can offer added security when compared with on-site infrastructure, but small businesses still need to understand the threats they face. While data may be safe on an AWS or Microsoft server, how safe is it in transition? How safe are the internal and external networks across which data travels?
Protecting your business
For many small businesses, the answer to these questions may be that they just don’t know. In which case, a full security review is vital. Find out what assurances your network and cloud services providers give around security. Make sure the operating systems on your company computers are fully updated. Use a Virtual Private Network (VPN) to connect remote or travelling employees to the company network.
There is much more. Ideally, you will have a formal cyber security strategy, training for staff and a thorough documentation process. Unsurprisingly, small businesses often struggle to cover all bases when it comes to cybersecurity. That’s why it’s also important to consider cyber insurance on top of preventative measures.
Tellingly, Hiscox research has found that nearly two thirds of cyber experts have taken out cyber insurance, compared to less than a third of novices. The more you know about cyber threats, the more important cyber insurance becomes.
Cyber insurance – or cyber liability insurance – covers your business for the cost of investigating a cyber crime, recovering lost data and restoring computer systems to an operational state. In addition, it covers the loss of income if your business has to temporarily shut down, and the cost of any reputation management measures you might have to take.
Good cyber insurance also covers you against third party claims including damages and settlements, and the cost of defending yourself against claims of a GDPR breach.
The simple fact is that if your small business is subject to a data breach this protection may mean the difference between staying in business and going bust.
Not every business needs cyber insurance, but if you use, send or store digital data, especially customer data, it could be one of the best investments your business makes.
Specialist small business insurer Hiscox sponsors the Sunday Times Hiscox Tech Track 100, the definitive league table ranking the UK’s fastest growing private tech companies. As small businesses become more reliant on technology, they are increasingly becoming the target of cyber criminals. Hiscox CyberClear has been rated the most comprehensive cyber insurance policy for small businesses.