Over 65,000 attacks a day: Covid-19 exposes UK cyber security vulnerabilities

UK SME’s are at risk of 65,000 cyber security attacks daily – with around 4,500 of these being successful – and the figure could be much higher since the beginning of Covid-19.

The findings come from a new report by global recruiter Robert Walters and data provider Vacancysoft – Cybersecurity: Building Business Resilience – which claims that the cost of data breaches to UK companies is around £2.48 million per instance. Highlights of the study are:

• 65,000 cyber security attacks on UK SMEs daily.
• 4,500 are successful.
• Data breach costs UK companies £2.48m per instance.
• 44% of public would not use brand again if there data was to be breached.
• 48% of UK companies do not have adequate cybersecurity to support home working.

Online retail at risk

Half of consumers (44%) have stated that they would stop using a company online if they were to be breached during a cyber-attack – concerning news for many retail and service operators who have pivoted their business to be more online-centric in response to widespread lockdown measures.

In May 2020 alone, ecommerce transactions grew by 168% and currently represent 27.5% of total retail sales this year – this is expected to grow to represent a third (32.1%) of all retail sales by 2024.

“Cyber attacks rose to an all-time high in the last few years causing a great deal of media attention. As the general public became increasingly aware of personal data and privacy issues – including the introduction of GDPR – cyber security increasingly became a ‘differentiator’ for brands in a market where customers demand more transparency,” Darius Goodarzi, Principal – Information Security and IT Risk at Robert Walters, said.

“The tech industry has set the tone, with brands such as Apple and Whatsapp putting security at the centre of their marketing message.”

“For e-commerce, on the other hand, the pace at which the sector grew during Covid-19 raises questions as to whether their cyber security has been up to par with the sharp increase in traffic to online sites,” Goodarzi added.

“With consumers being hyper-sensitive about their personal information in a rapidly evolving digital world, e-commerce sites cannot afford to lose the trust of customers in what is becoming a very competitive space.”

In fact, it appears the industry has started to wake up to its responsibility – with cybersecurity job vacancies within the Consumer Goods & Services sector increasing by 17% in the last year.

Ill-prepared for remote working

Lockdown measures like we have never seen before changed businesses working practices overnight. Where just 11% of UK businesses stated their entire workforce (at the same time) were able to work remotely pre-lockdown, this sky-rocketed to 70% once lockdown hit – with the majority of white-collar firms being able to push the button on remote working in less than a week.

Of the 70% who were able to do this under 7 days, over half (53%) of these firms in the UK were able to transition their staff to remote working in less than 48 hours. Despite having little notice, 71% of staff described the relocation to home working as seamless.

However, little consideration by the government was given to the vulnerability of IT & Cloud security when businesses were told they must enforce remote working.

In fact, half of companies (48%) admitted that they do not have adequate cybersecurity provision to maintain a 100% remote working model.

While industries have vowed to step up their security game – it is predicted that the current £68bn spend on cybersecurity will need to be doubled, at the very least, to be up to scratch with new ways of working. However in a period of rapid, non-legislated change, the question remains about where accountability lies regarding data breaches. Nathan Tittensor, director at i3Secure, a UK-based Cyber Security and Data Protection consultancy, believes that certain sectors are ripe for disruption in the context of security.

“After e-commerce, the next industry which we suspect will be looking at their security posture is the legal sector – in particular law firms. Whilst the legal sector deals with high volumes of confidential information, they have never been mandated to have certifications around security,” Tittensor said.

“Although we are starting to see firms achieve certifications such as ISO 27001 to demonstrate they have robust practices and enhance customer trust, it is remote working that has really shone a spotlight on the sector and they should act fast before it is faced with the consequences of personal information being mishandled when not on-site in offices.”

Banks become a role model for security

Due to a robust level of regulation placed on the banking and financial sector, the industry maintains its top position for IT security excellence.

Cybersecurity hires in recent years have been driven largely by the need to facilitate secure open banking and stave off automated fraud and threat detection.

“For the more mature financial institutions who have sufficient IT-security talent onboard it is not surprising to see the resilience the sector has had against Covid-19 related cyber threats – warranting a freeze in hiring,” Ajay Hayre,  senior consultant technology at Robert Walters, said.

“However this has truly been the year for fintechs, who have increasingly been stepping into the space of traditional banks – playing an active role in the government bailout scheme, as well as obtaining licences to be able to deliver traditional banking services such as direct debits and overdrafts.”

The urgent need for this sector to protect data in transit or in the cloud has led to a surge in cybersecurity hires of 37% since 2018. “If fintechs follow the gold standard of their elder, more experienced siblings – traditional banks and financial service institutions – then their security protocols will not be of concern.”

Share this story