Business Technology

Cyber security naivety grows despite glut of high-profile hacking cases

5 min read

14 September 2017

The evidence is clear, hacking can result in serious financial damage to a business. However, high-profile hacking episodes are not being heeded by SMEs.

The last year has seen an inordinate flood of high-profile hacking examples – the NHS, Wonga, BNP Paribas, even the CIA and the Cadbury factory, were hit by hackers – highlighting that standard corporate breaches are a thing of the past.

It’s been such a fixture in the media that a greater degree of smaller companies are now viewing it as a key issue, and now new research from Hiscox has backed that up.

Giving the subject a wider context, Jean Claude-Juncker, president of the European Commission, demonstrated how important the issue is by proposing the creation of a European Cybersecurity Agency – a more widespread version of the UK’s National Cyber Security Centre, opened by The Queen in February.

High-profile hacking in 2017

  • Equifax – The credit-scoring company saw hackers access the details of 143m customers in September
  • Verizon – The phone numbers, names and pin codes of six million of the mobile operator’s customers were left online for around nine days
  • The AA – Closer to home, the breakdown recovery service had 13GB of unsecured customer data available online
  • Wonga – As if the pay-day loan company needed any more bad press, but 245,000 customers’ details were hacked in April
  • Debenhams Flowers – Smaller in scale, but no less damaging, the details for 26,000 customers were compromised

For the UK, the subject has become entwined with law – and enshrined in controversy – as General Data Protection Regulation (GDPR) is set to penalise those not adequately securing customer data – even in the face of cyber attacks.

However, the proportion of SMEs making it a top priority remains relatively low though, despite GDPR regulation coming into effect on 25 May 2018.

Hiscox highlighted the subject in its ninth annual DNA of an Entrepreneur Report, which analysed the responses of 4,000 senior managers and SME owners across the UK, US, Spain, France, the Netherlands and Germany.

Proportion of cyber attack victims that have suffered serious loss (%)

Cyber attack damage

 

It makes one point strikingly clear: only in Spain has the number of cyber attacks fallen. But the UK is also making great strides in tackling the issue. But that doesn’t change the fact that few companies are making it a priority.

Across the board, in a report concerned with Brexit, hailing both the rise of serial entrepreneurs and risk-takers, only six per cent of respondents mentioned cyber security. Hiscox’s results are indeed positive, but the number of companies creating a security agenda is poor – even if, as Hiscox pointed out – it’s an increase from last year.

In all, it explained, 13 per cent of companies have fallen victim to cyber attacks – an 11 per cent rise on 2016. This number rises to 15 per cent for Germany and to 16 per cent for the US.

However, tackling the subject from a slightly different direction reveals the true extent of cyber attacks. Some 48 per cent of respondents claimed to have suffered serious consequences and losses off the back of a hack – a figure 26 per cent higher when compared to last year.

There are certain sectors more likely to gain the attention of hackers, as well, of which many may be unsurprising. Financial service companies come out on top – a large target painted on the front door.


It's time to implement more comprehensive, multilayered cyber defences

A brief history of cyber risk: From data breaches to ransomware

History is filled with cyber risk incidents, stretching back to the HMRC CD-ROM debacle, through to software vulnerabilities like Heartbleed and WannaCry.


Following closely behind are the technology, media and telecom industries – 2017 has been unforgiving to each. The latter saw the likes of Telefonica, Deutsche Telecom, TalkTalk at the mercy of hackers. On the technology side of things, Microsoft was hit by both WannaCry and Petya.

Of some concern, Hiscox explained that relatively few firms have embraced insurance in this area. Overall, the number of companies with cyber and data cover has only increased by one per cent, from eight per cent to nine per cent.

The amount of claims filed, however, has increased in every country used for the study.

Maybe we have something to learn from those in Spain? Bosses once again led the way in terms of companies covered against cyber attacks.