How being cyber-savvy can support you with your business
Posted: Wed 22nd Nov 2023
From cash flow and funding to tech and marketing, the very start of your business journey is full of important decisions. But there's one factor that many early-stage firms miss off their checklist: cyber security.
Nearly half (48%) of UK companies have been attacked at least once, according to the latest Hiscox research. Today's companies can expect anywhere up to six cyber attacks a year. So, any failure to prepare could halt your business adventure before it's even begun.
Read on to explore the latest cyber risks and trends. We'll also look at some practical, cost-effective steps young companies could take to manage digital threats.
How UK firms are battling on a number of fronts
If you're new to the business world, cyber attacks may bring to mind blockbuster thrillers and international espionage. But as the 2023 Hiscox Cyber Readiness Report shows, the threats are much closer to home.
Attackers continue to target UK firms on several different fronts, with business email compromise (37%) and corporate cloud servers (31%) the main entry points. Employees (26%) are also vulnerable through phishing emails, poor password practice, or lost credentials. Other entry points include corporate-owned servers (23%) and mobile devices (22%).
Costs of attacks quickly mount up
The potential cost of cyber attacks remains high, despite dipping over the past year. In the UK, it's around $24,200 on average. And Hiscox's international findings show that one in eight businesses that experienced a cyber attack faced costs of $250,000 or more.
Misuse of IT resources is the top result of a cyber attack, accounting for 29% of UK incidents. Virus outbreaks (27%) follow, while payment diversion fraud (24%) is another issue. This is where criminals pose as suppliers and trick employees into sending payments to fraudulent accounts.
Internationally, payment diversion fraud now causes losses for one in three businesses.
Mixed results for ransomware victims
Elsewhere, 18% of UK firms and 20% internationally have experienced ransomware attacks this year. This type of attack traditionally locks business owners out of essential IT systems until they pay a ransom. More recently, criminals gain access to internal or propriety data and threaten to leak this vital data unless a payment is made.
Some 61% of UK ransomware victims have agreed to pay their attackers, slightly down on last year's 63%. However, just 44% of firms managed to recover all their data following an attack.
Overall, companies with between one and 49 employees now account for 28% of UK cyber attacks, showing the scale of the challenge for smaller firms.
The international picture is similar. Hiscox found that 36% of global businesses with fewer than 10 staff have suffered attacks. This number has risen by more than half in just three years.
Cyber threats top business risk chart
On a positive note, awareness of cyber threats remains strong among UK companies. They top the 2023 business risk list, alongside economic issues (37%).
Meanwhile, cyber security spending as a proportion of overall IT budgets has climbed to 23%. And nearly a third (29%) of firms now have a stand-alone cyber insurance policy.
Eddie Lamb, director of cyber education and advisory at Hiscox, says:
"The battle with the cybercriminals is never-ending. But preparedness is the key to fending off attacks and limiting potential damage to the business."
Five practical ways to boost your cyber savvy
Maintaining a steady cash flow, curbing costs, attracting new customers… the to-do list for an early-stage company may seem endless. Yet cyber resilience shouldn't get lost in the hustle and bustle of daily business life.
These five quick wins could help you face common cyber challenges. They show that it's not all about financial firepower, but also how you think.
1. Take passwords seriously
Loose password protection can open the door to cyber attacks. But a few easy fixes should put things right:
Try to memorise passwords. Writing down lists of passwords or keycodes could leave you in hot water if a thief broke into your premises.
Avoid predictable words. The National Cyber Security Centre suggests using passwords that someone who knows you well wouldn't be able to guess in 20 goes.
Change manufacturers' defaults. If laptops, phones and other devices come with default passwords from the manufacturer, make it a priority to alter them.
Consider adding two-step verification. This forces staff to prove their identity with a password, plus a separate method.
2. Warn staff about phishing
Phishing is a way of prising valuable company information out of employees – without them realising it.
An attacker creates a fake email that looks similar to those from genuine organisations. The email then asks for financial details or points the reader to a malicious website. These communications are often difficult to spot and could lead to significant losses.
You can encourage staff to look out for the common signs of phishing. They include:
spelling or grammatical mistakes
design issues or incorrect logos
urgent demands, such as requests for a response within 12 hours
claims that sound too good to be real
3. Protect key devices with antivirus software
Antivirus programs are specifically designed to flag and remove malicious software and computer viruses. They work by regularly scanning for malicious code and quarantining anything suspicious.
Some operating systems offer basic antivirus protection for free. More advanced products are available from third parties at a cost. Researching different pricing and features should help you make the right choice for your business.
4. Keep track of software updates
Nagging messages in the corner of your screen may be annoying. But their job is to remind you of security patches and software updates.
It's true that they might force you to restart your device, taking precious minutes out of your day. But they'll optimise your systems, protecting your data against the latest bugs and glitches.
5. Encrypt the most sensitive information
Even the smallest business will have a potential treasure trove of valuable data that hackers could exploit. Bank account details, client addresses and product designs will all need protecting.
For that reason, it's worth researching encryption programs to see how they might shield your data. These programs scramble data into unreadable codes. It's only possible to decipher it with a special access key.
Ultimately, it serves as a final barrier if your data is compromised. An attacker may have sensitive files in their possession – but understanding them is another matter.
Cyber insurance with Hiscox
Get a free online quote for your business in minutes with Hiscox. Make the most of the exclusive 10% discount for Enterprise Nation members and start building your cover now.