Small companies are not immune to costly cyber attacks

Share this

Share on facebook
Share on linkedin
Share on twitter
Share on email

Managers of small and medium businesses who assume that only the biggest companies are targeted by cyber attacks have already made their first mistake.

A third of small British businesses suffered a cyber breach in the past year, according to a a UK government study, while just under half of such companies had any form of cyber insurance cover.

Yet the government study showed 60 per cent of small businesses had cyber incident response plans in place, compared with 52 per cent of all companies.

Dave Palmer, director of technology at cyber security consultancy Darktrace, says many attacks are indiscriminate, so it is essential that executives of companies of all sizes “think about the risks of what would kill the business and stop it operating” if a hack or data theft occurs.

Mark Hawksworth, head of the technology practice at Cunningham Lindsey, a loss adjuster, says hackers are increasingly targeting smaller businesses because larger employers have more resources to protect themselves, making smaller companies more vulnerable.

One form of cyber attack that is becoming more common, and to which smaller companies are particularly exposed, is the use of ransomware. This is where the attacker gains entry to a company’s network, encrypts the data and makes them unusable, then demands a ransom from the company in return for an encryption key.

Insurers predict a 400 per cent increase in ransomware breaches globally this year. Businesses cannot be entirely immune from such attacks, security experts say, but there are several simple and practical steps to help reduce the risk.

These include ensuring employee passwords are long and difficult to guess, training staff to recognise unsolicited emails and — most importantly — keeping technology up to date. There can be a desire to sweat assets, but it is important to keep computers and software updated.

Another measure cyber security specialists advise smaller companies put in place is software that spots unusual network activity, such as bulk copying to an external hard drive. They have seen a spate of incidents recently where the culprits were disgruntled employees stealing data.

Regardless whether a company has cyber insurance, it should have an incident response plan in place. This means that in the event of a breach staff are given roles such as contacting clients and authorities, rather than running around like headless chicken. The plan needs to be tested and updated rather than just drawn up and forgotten about.

Small businesses often use external IT consultants to keep down costs, but suggests they appoint someone internally to make sure IT policies are adhered to and put them in charge of the response plan in the event of an attack.

Speak to Baker Jayne about your needs and concerns, before you to become a statistic.

More To Explore

Personal Protective Equipment at Work (Amendment) Regulations 2022

HSE eBulletin: Personal Protective Equipment at Work (Amendment) Regulations 2022 Issued: 11 January 2022 The Personal Protective Equipment at Work (Amendment) Regulations 2022 (‘the PPER 2022’) were laid before Parliament on 10 January 2022. Employers responsibilities to workers regarding the provision of Personal Protective Equipment (PPE) are changing from

Read More >

The hidden perils of underinsurance

Unwittingly, too many businesses are risking their survival and making it very difficult to bounce back successfully from a major loss. Baker Jayne can offer easy access to specialist assessments and valuations The problem is underinsurance and insurers, brokers and their clients need to work together to ensure that

Read More >

Contact Baker Jayne Insurance Brokers.

What would you like to talk to us about?