Smaller firms ‘face £52bn in fines’ for security breaches
All the news and analysis for ambitious company owners
BRITISH firms were each subjected to an average of almost 230,000 cyber attacks in 2016, according to analysis from business internet service provider Beaming.
The average volume of attacks hitting individual company firewalls passed the 1,000 per day mark for the first time in November.
Meanwhile, the Payment Card Industry Security Standards Council suggested that UK firms could face up to £122billion in fines for cybersecurity breaches in 2018. Of that, £52 billion will be levied on small to medium size enterprises, it said.
The Federation of Small l Businesses welcomed the launch of the Government’s National Cyber Security Strategy, announced in November. But chairman Mike Cherry has warned ‘the scale of threat to small businesses must not be underestimated.’
Small businesses are the victims of more than seven million cyber crimes a year, costing the sector £5.26billion. A survey of small businesses by accountancy giant KPMG last year found more than 60 per cent had experienced a cyber breach in 2016.
Insurer RSA, which was last week hit with a £150,000 fine over stolen customer files, has warned that ‘the people who work for the company are the weakest links in any busi- ness’. Helen Carpenter, its cyber and liability product lead, said: ‘A recent scam involved identifying firms that were or had recently been advertising a job, and then sending them an email purporting to apply for that job. ‘Instead,Inst when the employee ope opened the attachment la labelled CV, it contained m malware that encrypted the computer and demanded payment in order to unlock the data. ‘The most common risk to affect a small business is ransomware. This is commonly used by fraudsters to disable the business’s systems and extort cash from owners in exchange for allowing them to access their systems.’
She added: ‘Many smaller firms believe that only large businesses are affected by cyber crimes, but this is not the case.
‘Larger firms often have sophisticated defences that make them harder to penetrate. Increasingly, it can be as profitable to initiate an attack that aims to catch many smaller businesses in a wider net.’
Executive search firm Cartwright James said it is often attacked. Ben Hornsey, director of Cartwright James, said: ‘Cyber attacks come in a variety of formats, from fake invoices to excel documents and attachments.
‘Most are clearly spam, however, we were caught out when somebody new to the business opened an attachment which installed a virus. The files became inaccessible, only unlockable via a ten-digit code. We were unable to access these files until we paid a ransom or found a solution. The ransom was four bitcoins, about £3,000.’
Meanwhile, fitness firm PayAsUGym emailed customers last month after their details were compromised by a hack attack.
Carpenter said the cost of a breach could be between £75,000 and £311,000 for SMEs. RSA’s research found 28 per cent would go out of business if faced with an unexpected cost of £50,000.
According to RSA, despite an onset of high-profile cyber attacks recently, including Yahoo, Tesco Bank, TalkTalk and Camelot, businesses are not protecting themselves sufficiently. Its research indicated that many firms were more likely to take out cover when the threat became real to them.
Cyber Essentials is a Governmentbacked, industry-supported scheme to help organisations protect themselves against common cyber attacks. Visit gov.uk.