One in three businesses (32 per cent) was a victim of a cyber attack or breach in the past 12 months, findings from the Cyber Security Breaches Survey 2019* show.
While this is lower than in 2018 (43 per cent) and 2017 (46 per cent), those who were victims typically reported facing six attacks, compared to two in 2017.
The report, published by the Department for Digital, Media, Culture and Sport, shows that phishing attacks were the most prominent crime (80 per cent), followed by impersonating an organisation (28 per cent). These both rely on human error, and are now more common than spyware, viruses, or malware attacks (28 per cent).
While businesses have increased their defences, cybercriminals are becoming more sophisticated. They are also focusing more on softer targets, such as the smaller businesses with 500 or fewer employees, rather than their larger counterparts, who have more money to spend on .
The cost to business is also increasing, with the loss of data or assets now costing a business £4,180 on average (2018: £3,160).
Cybersecurity is now a high priority for senior management across 78 per cent of businesses, with one in three now having a cybersecurity policy in place and delivering staff training.
Jon Abbott, CEO of IT services provider Priority One and founder of cybersecurity platform ThreatAware, comments: “Dealing with the changing threat landscape requires a more integrated approach than before. Patching, web browsing protection and anti-virus software are critical but businesses also need the right policies, procedures and culture.
“As cybercrime becomes more complex, boards need to lead the fightback and work closely with IT teams and managers throughout the organisation to ensure they are in the best possible position to defeat [protect] themselves against the threats.”
Here are 5 basic steps you can take to reduce the risk to you and your SME business, from the National Cyber Security Centre**:
1. Back up your data
   - Identify what data you need to back up
   - Keep your back-up separate from your computer
   - Consider the cloud
   - Read the NCSC cloud security guidance
   - Make backing-up part of your everyday business
2. Protect your organisation from malware
   - Install (and turn on) antivirus software
   - Prevent staff from downloading potentially dangerous apps
   - Keep all your IT equipment up to date (patching)
   - Control how USB drives (and memory cards) can be used
   - Switch on your firewall
3. Keep your smartphones and tablets safe
   - Switch on password protection
   - Make sure lost or stolen devices can be tracked, locked or wiped
   - Keep your device up to date
   - Keep your apps up to date
   - Don’t connect to unknown Wi-Fi hotspots
4. Use passwords to protect your data
   - Make sure you switch on password protection
   - Use two-factor authentication for “important” accounts
   - Avoid using predictable passwords
   - Help your staff cope with password overload
   - Change all default passwords
5. Avoid phishing attacks
   - Configure accounts to reduce the impact of successful attacks
   - Think about staff training and how you operate
   - Check for obvious signs of phishing
   - Report all attacks
It is quick and easy to report fraud or cybercrime to Action Fraud online or by calling 0300 123 2040.
Cyber security is a collective responsibility and it is essential that SMEs take the necessary steps to protect against cyber attacks.
If you have any concerns relating to this matter, we are able to put you in touch with companies within our extensive network of contacts who will be able to assist. It’s part of our commitment to supporting SME businesses by providing holistic business advisory services.