Not since the “WannaCry” ransomware attack on the NHS in 2017 has cyber security been in the headlines as much as it has recently. Even before coronavirus, the Information Commissioner’s Office (ICO) hit the headlines when it announced it was fining British Airways £183m and Marriott International £99m after the companies suffered significant cyber attacks, and the Covid-19 pandemic has only increased the cyber security risks for all businesses.
Despite the headlines, it’s dangerous to think that only well-known brands and large multi-nationals have to worry about cyber attacks, as SMEs are now a favourite target for cyber criminals. Pre-Covid-19 data from a five-year cyber security study carried out by specialist ISP Beaming indicates that in 2019, 62% of small businesses (those with 11-50 people) and 76% of medium businesses (those with 51-250 people) fell victim to some form of cyber crime. Meanwhile, a report from the Institute of Directors suggests that in 2019 the average cost for a medium sized business which suffered a major cyber attack was £75,000.
Of course, the world in 2020 is very different from the world in 2019, and the global Covid-19 pandemic and its related lockdowns have significantly increased the risks to businesses of falling victim of a cyber attack. More and more employees are having to work from home or at other locations away from their usual business premises, and some are having to use their own personal IT equipment to do so. As colleagues and business associates are working more remotely, the use of email and other electronic communications has increased significantly, bringing with it increased cyber security risks for businesses.
A survey of business executives and IT professionals published in September 2020 by email security provider GreatHorn found that 53% of the respondents reported that they had experienced a noticeable increase in the number of phishing attacks they had received since the start of the Covid-19 pandemic. More worryingly, 38% of the respondents said that a member of their organisation had fallen victim to such a phishing attack, with it normally taking 1-4 days for the business to remedy the effects of the cyber attack.
A very detailed report published in September 2020 from cyber security provider Bitdefender reported a 715% increase in the number of reported ransomware attacks during the first half of 2020 alone, which was clearly a consequence of the global Covid-19 pandemic. It estimates that 40% of all coronavirus-related emails are actually phishing emails or other scams, as cyber criminals seek to exploit the fear, confusion and misinformation circulating during the pandemic.
Historically, the majority of businesses that engage cyber-security advisors have done so after suffering a serious cyber attack, rather than before. Everyone knows that “a stitch in time saves nine”, and while is it true that there is no way for a business to completely protect itself from the ever-evolving cyber security threats, taking cyber security risks seriously and taking reasonable steps to minimise your business’ risks will better prepare your business for the day it has to deal with a potentially significant cyber attack.
Michael Axe will be hosting an informative webinar on how you can protect your business on Thursday 22 October, find out more and how you can sign up free of charge here.
This article is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from taking any action as a result of the contents of this article.