Technology has rapidly and increasingly become embedded as part of our professional and personal lives. It now plays an integral role in business, with computer systems being employed for a whole range of purposes from tracking online sales, payroll, customer data storage, email, internet-based telephony systems, stock control and a range of other functions. With companies now so reliant on technology in almost all aspects of their business they are vulnerable to cyber attacks. These not only have the potential to cause financial loss but can have catastrophic reputational repercussions for a company. There are reports that suggest system downtime can cost businesses £10,000 per hour rising to as much as £1,000,000 per business day and cyber threats are only increasing in frequency. It is thought that, worldwide, one computer is infected every 4.5 seconds and newspaper articles highlight on an almost weekly basis security breaches, loss of customer data or system failures.
It is important to emphasise that this is not just an issue for large businesses, which is a common misconception among small to medium sized businesses. According to the Department for Business Innovation and Skills, 87% of small businesses had a security breach in the last year, up from 76% the year before. Arguably it is even more of a problem for small businesses as they often lack the technical resources and finances to invest in software and the expertise to manage these risks.
Cyber risks manifest themselves in many forms, from malware and viruses, to external hackers and administrative errors so making sure the most up to date software and virus protection is installed is essential to protect your business from these threats. It might seem an unnecessary investment but it is vital to have this basic protection in place.
Educating staff to enable them to help protect the business is equally important. One simple and easy way to do this is for employees to create secure passwords, i.e. include a mixture of numbers, symbols and letters and update them regularly. This is even more important if any employees ever work remotely. Running a training session on what constitutes a suspicious email or activity and how to report it is also beneficial. From a reputational point of view, it is advisable to prepare a communications plan both for staff and clients in the event that your business is disrupted by a cyber attack. This helps to ensure that expectations are managed appropriately, that staff know how to work around a problem and that your customers can be assured that a plan in place to address the problem.
Lastly, buy insurance. There is a discrepancy between the percentage of business leaders that identify cyber threat as a serious threat and those that follow through and purchase appropriate protection. One of the misconceptions is that cyber is covered by existing insurance, such as general liability but this is incorrect. Speak to your insurance advisor to establish how you can manage and reduce the risks your business faces and what insurance cover is needed to ensure that in the event of an attack, your business will have the appropriate protection in place.