Smaller firms set to ‘face £52bn in fines’ for security breaches as cyber-crime skyrockets


January 14, 2017

British firms were each subjected to an average of almost 230,000 cyber attacks in 2016, according to analysis from business internet service provider Beaming.

The average volume of attacks hitting individual company firewalls passed the 1,000 per day mark for the first time in November.

Meanwhile, the Payment Card Industry Security Standards Council suggested that UK firms could face up to £122 billion in fines for cybersecurity breaches in 2018.

Of that, £52 billion will be levied on small to medium size enterprises, it said.

Small businesses are the victims of more than seven million cyber crimes a year, costing the sector £5.26 billion.

A survey of small businesses by accountancy giant KPMG last year found more than 60 per cent had experienced a cyber breach in 2016.

Insurer RSA, which was last week hit with a £150,000 fine over stolen customer files, has warned that ‘the people who work for the company are the weakest links in any business’.

Helen Carpenter, its cyber and liability product lead, said: ‘A recent scam involved identifying firms that were or had recently been advertising a job, and then sending them an email purporting to apply for that job.

‘Instead, when the employee opened the attachment labelled CV, it contained malware that encrypted the computer and demanded payment in order to unlock the data.

‘The most common risk to affect a small business is ransomware. This is commonly used by fraudsters to disable the business’s systems and extort cash from owners in exchange for allowing them to access their systems.’

She added: ‘Many smaller firms believe that only large businesses are affected by cyber crimes, but this is not the case.

‘Larger firms often have sophisticated defences that make them harder to penetrate. Increasingly, it can be as profitable to initiate an attack that aims to catch many smaller businesses in a wider net.’

Executive search firm Cartwright James said it is often attacked. Ben Hornsey, director of Cartwright James, said: ‘Cyber attacks come in a variety of formats, from fake invoices to Excel documents and attachments.

‘Most are clearly spam; however, we were caught out when somebody new to the business opened an attachment which installed a virus. The files became inaccessible, only unlockable via a ten-digit code. We were unable to access these files until we paid a ransom or found a solution. The ransom was four bitcoins, about £3,000.’

Meanwhile, fitness firm PayAsUGym emailed customers last month after their details were compromised by a hack attack.

Carpenter said the cost of a breach could be between £75,000 and £311,000 for SMEs. RSA’s research found 28 per cent would go out of business if faced with an unexpected cost of £50,000.
