- Hiscox study highlights the number of attempted cyber attacks on UK small businesses every day
- While most attempts fail, a small business in the UK is successfully hacked every 19 seconds
- Cyber breaches cost the average small business £25,700 in basic ‘clear up’ costs every year
- Real-time cyber attack attempts can be viewed at www.hiscox.co.uk/cyberlive and are also being streamed on billboards across the UK
London, UK (18 October 2018) – Small businesses in the UK are the target of an estimated 65,000 attempted cyber attacks every day, according to new figures1 from specialist global insurer Hiscox.
The estimates are based on tests undertaken by the insurer which monitor, in real-time, the total number of attempted attacks on three ‘honeypot’ computer systems which are typical of those used by small firms across the country.
The total number of attempted attacks ranged from 900 to 359,000 in each 24 period, averaging 65,000 over the three weeks the servers have been monitored.
In order to raise awareness of this issue, Hiscox is live streaming the number of attempted attacks to its website at www.hiscox.co.uk/cyberlive and also broadcasting the figures live on over 100 billboards across the UK.
Successful attacks
According to the insurer, almost one in three (30%2) UK small businesses suffered a cyber breach last year – equivalent to over 4,500 successful attacks per day or one every 19 seconds.
Cyber security incidents cost the average small business £25,700 last year in direct costs (e.g. ransoms paid and hardware replaced) but this is just the beginning. Indirect cost such as damage to reputation, the impact of losing customers and difficulty attracting future customers, remains unmeasured but is expected to significantly exceed this.
James Brady, Head of Cyber, Hiscox UK & Ireland commented: “We know small businesses in the UK are hot targets for cyber criminals and these figures highlight the alarming extent of this. Most small businesses recognise the threat that cyber criminals pose on a global scale, but are less convinced of the risks facing their own operations, considering themselves ‘too small’ to be worthy targets, but this just isn’t the case.
“Hackers are prolific and sophisticated which makes staying on top of cyber security a challenge for all organisations. With many small businesses lacking credible cyber security strategies to help manage and prevent such attacks however, the impact when they do occur can be disproportionality severe.
“Outsourcing cyber security management is one option as this can be a more cost effective way to access instant, scalable resources in the event of an attack. The best cyber insurance policies will provide exactly that – practical support including legal advice, forensics and reputation management to help get a business back up and running as quickly as possible.”
Prevention
When questioned, only 52% of UK small businesses stated that they have a clear cyber security strategy in place to manage the impact of an attack, which Hiscox says can significantly hamper their ability to detect, manage and prevent security breaches, as well as make the overall impact much more severe.
Experts agree that communication during and after a cyber attack is critical to managing it, yet only 56% can say with confidence that they fully disclose details of a cyber attack to the relevant internal and external stakeholders. This is particularly concerning given the introduction of GDPR this year, which requires all organisations to report a data breach to the ICO within 72 hours and notify affected customers without undue delay.
Most alarming of all, is that the majority (66%) of those that suffered an attack, admit to making no changes to their policies or systems to help prevent further breaches in the future. This is perhaps one of the key reasons why over half (56%) of those who’ve suffered a breach, are the victim of multiple attacks.
Cyber Security Best Practices: Prevent, Detect and Mitigate
There are a number of basic steps that small businesses can take to help protect against the evolving threat that cyber criminals pose:
Prevent
• Involve and educate all levels of the organisation about cyber threats.
• Have a formal budgeting process and ensure cyber is a part of all decision making.
• Institute cyber training during the on boarding process and in an on-going manner.
Detect
• Include intrusion detection and on-going monitoring on all critical networks.
• Track violations (both successful and thwarted) and generate alerts using both automated monitoring and a manual log.
• Record all incident response efforts and all relevant events.
Mitigate
• Create a plan for all incidents, from detection and containment to notification and assessment, with specific roles and responsibilities defined.
• Review response plans regularly for emerging threats and new best practices.
• Insure against financial risks with a stand alone cyber policy or endorsement.
Ends
Notes to editors
- Hiscox set-up three servers typical of those utilised by UK small businesses and monitored the number of incoming attempted attacks. 64,729 is the average number of attempts per day based on a 25 day period. The minimum number of attempted attacks per day seen was 902 and the maximum 358,822. Press release figures have been rounded.
- Figures taken from the Hiscox Cyber Readiness Report. Research for this study was commissioned by Hiscox and conducted by Forrester Consulting via a survey of 4,103 professionals responsible for their organisation’s cyber security strategy between 12 October and 10 November 2017.
- The number of successful attacks per second is based upon a small (0 – 49 employees) business population of 5,653,375 – according to BIS Business Population Estimates 2017. With 30% (1,696,012) having experienced a cyber attack in a 12 month period, (Hiscox Cyber Readiness Report) this equates to roughly 4,764 attacks per day, or one every 19 seconds.
For further information please contact:
Hiscox Ltd
Katie Bergin +44 (0) 20 7448 6459 [email protected]
About Hiscox Cyber and Data Insurance
Hiscox Cyber and Data risks insurance is designed to support and protect a business if it experiences a data breach or is the subject of an attack by a malicious hacker that affects its computer systems. It provides comprehensive cover, simplicity, reputation protection and a trusted partner in the event of a claim.
The new Hiscox CyberClear Academy is a GCHQ-accredited online cyber security training platform designed to train and raise cyber security awareness among employees and help protect businesses from cyber threats.
For more information visit https://www.hiscox.co.uk/business-insurance/cyber-and-data-insurance
About Hiscox CyberLive
The Hiscox ‘CyberLive’ initiative was set up to make small businesses more aware of their vulnerabilities. Hiscox set up three servers typical of those used by a small business, to record real-time attempted cyber attacks. The data from these servers feeds into live digital outdoor posters at over 100 locations across the UK until Sunday 21st October, and the Hiscox website www.hiscox.co.uk/cyberlive. The more attacks there are to the servers, the more the poster headline visually reacts.
About The Hiscox Group
Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Our ambition is to be a respected specialist insurer with a diverse portfolio by product and geography. We believe that building balance between catastrophe-exposed business and less volatile local specialty business gives us opportunities for profitable growth throughout the insurance cycle. It’s a long-standing strategy which in 2017 saw the business deliver a profit before tax (excluding foreign exchange) of £93.6 million despite reserving net $225 million for claims in the most costly year ever for natural catastrophes.
The Hiscox Group employs over 2,700 people in 14 countries, and has customers worldwide. Through the retail businesses in the UK, Europe, Asia and the US, we offer a range of specialist insurance for professionals and business customers as well as homeowners. Internationally traded, bigger ticket business and reinsurance is underwritten through Hiscox London Market and Hiscox Re & ILS.
Our values define our business, with a focus on people, quality, courage and excellence in execution. We pride ourselves on being true to our word and our award-winning claims service is testament to that. For more information, visit www.hiscoxgroup.com.
All press releases