Phone icon
Menu icon
Professional insurance
with a personal touch
We're open as usual
0345 222 5391
Mon-Fri, 9am-5pm, local rate & mobile friendly

How to fight cybercrime


Real threat, virtual world

If the words ‘digital risk’ don’t mean much to you, now might be a good time to do some research.

Because cybercrime – the targeting and attacking of businesses through and for their digital assets – is on the increase.

Figures from consultancy firm PricewaterhouseCoopers indicate that large UK businesses suffered an average of 54 cyber-attacks each in 2011, twice 2010’s level. That’s pretty much one every week.

Further figures, this time from the FSA, show that UK companies dealt with 185 security breaches during June, July and August last year. Doesn’t sound like much but reporting attacks is voluntary and the actual number is almost certainly much higher.

What’s clear is that these attacks aren’t just inconvenient: they cost money. The Cabinet Office estimates that cybercrime costs UK businesses around £21bn a year.

Average figures, again from PwC, show that fixing the worst single security breach costs between £110,000-£250,000 for large businesses and £15,000-£30,000 for small ones.

Worse, data breaches are more expensive to fix than security breaches because there's more at stake. The average cost of dealing with these is a whopping £1.9m – the consequences of negligence, lost business and subsequent system repairs/improvements.

Unseen dangers

So, are you prepared? Do you know what your business is up against? Can you say you’re absolutely protected from rootkits, trojans, spyware, phishing etc?

If you are, what about the rest of it? Digital risks come in all shapes and sizes. There's more to it than just keeping an eye out for unscrupulous criminals with financial and political motives.

Different businesses face different digital risks depending on what they do. For example, a business with an e-commerce website, holding customers’ personal and payment data is at greater risk of a costly breach than, say, a company without a website but which uses email.

Cyber damage can be physical and virtual, first party (yours) and third party (your clients'). Here’s what can go wrong:

  • Property damage: fire and flood can wipe out expensive servers and networks. And our claims records show that company laptops and smartphones go missing on a frighteningly regular basis.
  • Virus transmission: your business could be liable if a malicious program originates from you and damages a client or a third party's systems.
  • Intellectual property theft: your secret, valuable design for that new product/building/brand, for example, are fair game to Johnny Hacker – and available to the highest bidder.
  • Reputation damage: social media can turn a minor customer complaint into a major PR disaster quicker than you can say 'Twitter storm'.
  • Libel and slander: email means communicating at the push of a button. Which potentially means pushing the wrong button and sending the wrong email to the wrong person.
  • Data breach: it doesn’t always have to be the loss of customers’ financial data that causes the biggest problems. It could be employee details or commercially sensitive information. There’s third party liability here in addition to your costs of and finding out what went wrong and fixing it.
  • Business interruption: hardware breaking down, software that refuses to work or firefighting a hacker attack can easily put a stop to your day to day operations. That means lost revenue.

Next steps

As always, a little preparation is all that’s needed.

Start with some basic risk assessment to establish what your exposure is. Take a look at the points above and work out how much any or all of them would cost to put right.

Bear in mind that you’re only as strong as your weakest link. Unfortunately that’s more than likely to be human than technical.

Try to make sure that security isn’t just the IT department’s concern. All employees need to be aware of (and regularly reminded of) the risks. Your company’s security is everyone’s responsibility and it starts with fundamental things like setting strong passwords and not leaving laptops on the train.

Above all, we’d recommend asking an expert to point you in the right direction. Getting good advice on what you can do to protect your business, as well as guidance on the most appropriate hardware and software could be priceless.

As could a robust cyber liability insurance policy. If all else fails, at least you’ll have something to fight your corner and pay your bills.

If you liked this, you might like thesethis...

7 legal obligations every new company needs to know about
As a newly incorporated company, there are certain things you need to do to stay on the right side of company law. Here's what they are.
What's malpractice insurance and why is it different to professional indemnity & public liability?
Find out how treatment malpractice insurance protects you if you injure a client. Also, why professional indemnity and public liability can't help.
Do I need insurance to sell things on Etsy?
Etsy may not make insurance compulsory for sellers on its platform, but there are still plenty of reasons you should have it. Here's why.

More Advice, News & Know-how

Sign up to being prepared and protected

Get reliable advice on protecting and fine-tuning your business or charity sent straight to your inbox. Plus, receive other occasional bits we think you'll enjoy, like competitions and offers. We promise not to swamp you, and you can unsubscribe easily.

Sign me up