In 2018, the WannaCry ransomware attack on the NHS cost a crippling £92 million, a very high price for an event that should have been preventable. A report by Members of Parliament detailing the incident noted that all of the 200 NHS hospital and health services investigated failed cybersecurity checks.
The Centre for Economics and Business Research (CEBR) estimated that cyber attack costs for businesses run at around £34 billion, which includes the costs of revenue and intellectual property loss, and the costs of increasing cybersecurity.
On top of this, there is the matter of regulatory fines. Failure to adhere to cybersecurity mandates is not only expensive but a foolhardy mistake to make, as British Airways found when it ran foul of GDPR.
Some business owners may think that their small company will not be noticed, but it is this thinking, together with the failure to implement appropriate cyber defences, that makes small businesses prime targets for hackers and cybercriminals.
As noted by security provider Carbon Black, 88 per cent of UK companies suffered a data breach in the past year, showing that it is not a question of ‘if’ a cyber attack occurs, but ‘when’. And when that does happen, some small to medium businesses may never recover financially, and may be forced to close their doors.
The high cost of repairing the damage from a cyberattack is surely a sound argument for investing in preventative cybersecurity measures and developing a solid cybersecurity strategy.
Below are some actionable ways for UK companies to help mitigate the risks and improve their cyber defences.
Employee Education & Ongoing Training
Cybercriminals are always ready to take advantage of human error to launch their attacks, and common methods such as phishing use an employee to infiltrate a company’s systems. While the majority of employees are aware of phishing scams and the dangers of clicking on spurious links, they are mostly not as cautious as they should be.
The latest social engineering attacks are far more sophisticated and well removed from the old Nigerian general and his spare millions. Companies need to run regular cybersecurity workshops for all employees, not just IT professionals. Training also needs to be updated as soon as the company’s systems or procedures change.
Staff also need to be reminded that cybersecurity is everyone’s duty, as much as it is that of the company IT department.
Testing & Checks
Companies should also invest in third-party cybersecurity experts to carry out penetration testing and check for vulnerabilities in the company’s network and systems.
This is of particular relevance to e-commerce companies that deal with payment portals, and to companies that handle large amounts of sensitive client data.
The cost of being a victim of cybercrime can be very high. To mitigate the risks and the financial burden, it’s vital to take cybersecurity very seriously.