Fraud has come a long way from African princes and deceased uncles you never knew you had. It’s now been reinvented as cyber crime, and it’s everywhere. In fact, if cyber crime were a legitimate business, it would be considered one of the few booming sectors at the moment.
Cyber criminals target individuals (those emails that pretend to be from your bank, for instance), but much of the serious effort is against businesses. A recent government survey found that 39% of businesses reported cyber attacks, though noting that this probably only represents businesses with sophisticated enough defences to detect the attacks.
By far the most common type of attack is phishing, where the criminals try to get enough personal data to access your bank accounts. Other common types are:
- denial of service, which effectively closes down an organisation
- malware, secretively installed on your devices to access systems, steal data or prevent access to your systems
- ransomware, where the criminals steal data and demand payment for its return.
It’s estimated that, in the UK, one in 3,722 emails are phishing attacks, and there are around 65,000 attempts a day to hack SMEs, 4,500 of which are successful. That represents one SME being successfully hacked every 19 seconds.
The government survey estimates the average cost to medium and large businesses of a cyber attack as £19,400. If smaller businesses are also included, this falls to £4,200. It’s worth remembering, though, that £4,200 could be as serious for a micro business as the higher figure for a larger organisation.
How to Combat Cyber Crime
The only sure way of avoiding cyber crime entirely would be to stop using the internet — hardly a practical solution in a world that relies so totally on being online. Failing that, there are steps both businesses and individuals can take.
Perhaps the most important is to learn and practice caution. We all know we shouldn’t click on links or open attachments we’re not sure of — but a surprising number of people still do. That’s why it’s so vital for organisations to arrange ongoing cyber security training for all their people.
At the same time, there’s a range of services available to defend against cyber attacks. These could be as simple as the basic security system you put on your home computer, but there are also many complex services available, from automatically monitoring the online activities of employees to “white hat” attempts to breach your systems in order to identify weaknesses.
Nevertheless, cyber criminals are getting cleverer and more subtle all the time. An incident we came across recently illustrates how difficult it can be to stay safe. A business sent out an invoice for just under £100,000 and, when the recipient opened it, he had a feeling the Bank account number and sort code were different from previous payments. He decided to call the company — and he was right. Someone had intercepted the email and changed the bank details on the invoice.
This was a lucky escape — probably one in a million — and shows why Allied Claims would urge you to have cyber insurance in place. While it won’t end the risk or the negative effects of cyber attacks, it will mean that if, despite your best efforts, you lose money through a cyber attack, you’ll at least be able to make an insurance claim for it.
All content within this column is provided for general information only, and should not be treated as a substitute for the Insurance advice of your own broker or any other Insurance professional. Allied Claims is not responsible or liable for any decisions made by a user based on the content of this site.
Allied Claims is not liable for the contents of any external internet sites listed, nor does it endorse any commercial product or service mentioned or advised on any of the sites. Always consult your own Insurance broker if you’re in any way concerned about your insurance cover.