Following the crippling cyber attack on the NHS in May (reportedly part of the “biggest ransomware offensive in history”), the Federation of Small Businesses (FSB) urged UK SMEs to take urgent steps to better protect themselves. It estimated that a fifth of them had suffered a cyber security breach in the past 12 months.
According to the FSB, on average, a cyber crime incident costs small businesses £3,000, with two days’ recovery time required. The FSB estimates that seven million cyber crimes are now committed against UK small firms every year (that’s 19,000 a day, it says).
FSB commercial director, Dave Stallon, urged businesses to immediately download any updates to their operating systems and anti-malware software, and make sure “system or critical data is backed up to a storage device that’s not within the same network”, so that data cannot be held to ransom following a cyber attack. The FSB has published its own 10 tips for small firms wishing to better protect themselves from cyber crime.
British Chambers of Commerce (BCC) research published in April found that it was mainly large businesses that suffered cyber attacks, with 42 per cent of companies with more than 100 employees having been attacked in the year to April 2017. Overall, its research suggested, a fifth of UK businesses had experienced a cyber attack in the 12 months to April 2017. About the same percentage believed that the threat of cyber crime was preventing their growth.
According to government figures released in April 2017, 47 per cent of all UK businesses had suffered a cyber breach or attack in the preceding 12 months – with 70 per cent of large businesses having been targeted. The average cost to large businesses was £20,000, but in some cases losses reached millions.
Firms holding personal data are more likely to be attacked. “Phishing” emails, which try to get recipients to reveal passwords or financial information, were the most common form of attack, followed by viruses and malware (ie software created specifically to disrupt, damage or gain unauthorised access to a computer system).
Of the businesses that had identified a cyber breach or attack, almost a quarter suffered a temporary loss of files, a fifth had software or systems corrupted, one in ten lost access to important third-party systems, while one in ten had their website taken down or slowed. Highlighting the importance of staff awareness and vigilance, breaches were often linked to human factors, yet only a fifth of firms surveyed provided cyber security training and only a third had formal cyber security policies.
PwC’s Law Firms’ Survey 2016 found evidence of “an increasing number of cyber security incidents across the sector”. And although larger firms “were the greatest target”, according to PwC, “all law firms are targets for cyber crime due to the confidential information held and large volume of client funds retained”.
UK law firms are more at risk than ever, it seems. Almost three quarters (73 per cent) of all UK law firms surveyed experienced a cyber security incident in 2016, compared to 62 per cent the year before and just 45 per cent in 2014. Overwhelmingly, the most common incidents involved phishing emails and viruses/malicious software.
The fact that 41 per cent of all law firms report that they have suffered incidents as a result of the actions of their own staff certainly provides food for thought. As well as upgrading software, businesses of all types and sizes are advised to provide training and ensure that they have staff policies covering IT/cyber security.