Last year, telephone and broadband provider TalkTalk suffered a massive cyber-attack.
The website security breach which saw customer data, including credit card and bank details, stolen cost the company £42m. As a result, their profits halved and they lost 101,000 customers.
As a small or medium-sized business, you might think this incident has no bearing on you. After all, TalkTalk are a huge organisation and far more likely to be targeted by cyber criminals.
But that’s not the case. According to the UK Government’s Information Security Breaches Survey 2015, 74% of small companies experienced an attack in the previous 12 months. And on average, each company suffered four breaches.
That’s just one reason why smaller firms continue to ignore the dangers of cyber-attacks.
Many also feel immune because they don’t think they deal with high volumes of customer data or online information. Again, it’s a misconception. You don’t have to be a high-profile company to hold data that’s potentially valuable to cyber criminals. Indeed, one of the most common tactics employed by hackers is to encrypt files – often tens of thousands – and then demand a ransom to effectively unlock the data.
Plus, hackers are well aware that small companies are far less likely to have appropriate systems in place to protect themselves.
To put the risk in perspective, the UK Government classifies cyber security as one of the four top threats to the UK, alongside natural disasters, international terrorism and military invasion.
But it’s not only external threats that are being ignored.
Many attackers rely on employees doing something wrong to find their way into the system – by clicking on a dodgy link or opening an infected attachment, for example. This often comes down to a lack of training or procedures in place to ensure everyone understands how to identify a potential threat.
Similarly, there’s a distinct lack of clarity within companies over who’s responsible for cyber security. This vague approach was pointed out in the same Government breaches survey, which found that 32% of businesses have never undertaken a formal risk assessment in terms of cyber security.
All of this seems to suggest that businesses aren’t taking the threat of cyber-attacks seriously enough. And if that applies to you, then you’re at risk of the implications – to your reputation, customer base and ultimately, bottom line.