New research has revealed that one in five UK businesses have experienced a cyber attack or incident, with nearly one in 10 small businesses experiencing this in the last year. This number rises to 35% of large corporate businesses, showing the increasing risk that cyber presents.
With criminals often looking for opportunities in the run-up to Christmas and cyber swiftly becoming an increasing risk for both consumers and businesses alike, the research found that businesses are 67% more likely to have experienced a cyber incident than a physical theft and almost five times as likely to have experienced a cyber attack as a fire.
When looking at the repercussions of a cyber attack or incident, almost a third experienced operational disruption, with a further fifth (21%) experiencing data loss and system lockdowns. Such interruptions led to businesses claiming an average of £21,000 per incident according to Aviva data, although costs can run into the tens or even hundreds of millions of pounds.
While around half of UK businesses express confidence in handling a cyber incident or attack, one in five admit to not being confident in knowing what to do should this happen, a figure that rises to more than a quarter of small businesses, who appear to be the most vulnerable to such a risk. Not only does this increase the risk of further damage, it means that businesses also risk being non-complaint with personal data rules.
Despite the high frequency of cyber incidents experienced by businesses, Aviva’s research reveals a significant gap in cyber insurance coverage, most notably among small businesses – less than one in five of whom have a cyber insurance policy – and the same proportion say they are unaware that cyber insurance exists.
Commenting on the research they commissioned, Stephen Ridley, Head of Cyber, Aviva, said: “It’s important to recognise that businesses of all shapes, sizes and sectors are at constant risk of a cyber attack – particularly at this time of year, with phishing emails often increasing around Black Friday and Christmas. The nature of such a threat means that cyber criminals are evolving their tactics, looking for the opportunity as opposed to setting their sights on large corporates alone.
“Though our research shows that one in three businesses see cyber as the biggest risk to their businesses, it’s worrying to see that many businesses do not know how to protect themselves from this emerging threat. Many businesses do not have cyber cover, leaving them exposed to high, unforeseen costs and significant business disruption which could amount to tens of thousands of pounds.
“If the chance arises, there’s a risk that cyber criminals will act and so it’s key to have both preventative measures and protection in place. Although businesses are more likely to purchase cyber cover after experiencing an attack, more and more affordable products are becoming available on the market from as little as £50 a year, like Aviva’s Cyber Respond. These could be a valuable lifeline to small businesses in particular, should the worst happen.”
Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), said:“Cybercrime is something that can impact on any organisation, whatever its size or wherever it is in the country. It is essential that all businesses across the UK economy therefore have robust cyber practices in place, so that they are in the best position to protect themselves from cyber criminals.
“In the event of a live cyber attack, any business should immediately report it to Action Fraud who will direct them to the relevant law enforcement agency for investigation as appropriate. Importantly, however, I would also encourage small and medium-sized businesses to contact their regional, police-led Cyber Resilience Centre who will be able to offer free, high-quality support on the steps they can take to strengthen their cyber resilience for the future.
“One of the reasons why we are pleased that companies like Aviva have become National Ambassadors for NCRCG is that they recognise the risk of cybercrime, not just to themselves, but to all those in their supply chain, and are taking up the mantle in addressing this risk.”