SMEs Hit by Sixty-Five Thousand Cyber Attacks a Day

Small businesses in the UK are the target of an estimated 65,000 attempted cyber attacks every day, according to new figures from specialist global insurer Hiscox.

The estimates are based on tests undertaken by the insurer which monitor, in real-time, the total number of attempted attacks on three ‘honeypot’ computer systems which are typical of those used by small firms across the country.

The total number of attempted attacks ranged from 900 to 359,000 in each 24 period, averaging 65,000 over the three weeks the servers have been monitored.

In order to raise awareness of this issue, Hiscox is live streaming the number of attempted attacks to its website at and also broadcasting the figures live on over 100 billboards across the UK.

According to the insurer, almost one in three (30%2) UK small businesses suffered a cyber breach last year – equivalent to over 4,500 successful attacks per day or one every 19 seconds.

Cyber security incidents cost the average small business £25,700 last year in direct costs (e.g. ransoms paid and hardware replaced) but this is just the beginning. Indirect cost such as damage to reputation, the impact of losing customers and difficulty attracting future customers, remains unmeasured but is expected to significantly exceed this.

James Brady, Head of Cyber, Hiscox UK & Ireland commented: “We know small businesses in the UK are hot targets for cyber criminals and these figures highlight the alarming extent of this. Most small businesses recognise the threat that cyber criminals pose on a global scale, but are less convinced of the risks facing their own operations, considering themselves ‘too small’ to be worthy targets, but this just isn’t the case.

“Hackers are prolific and sophisticated which makes staying on top of cyber security a challenge for all organisations. With many small businesses lacking credible cyber security strategies to help manage and prevent such attacks however, the impact when they do occur can be disproportionality severe.

“Outsourcing cyber security management is one option as this can be a more cost effective way to access instant, scalable resources in the event of an attack. The best cyber insurance policies will provide exactly that – practical support including legal advice, forensics and reputation management to help get a business back up and running as quickly as possible.”

There are a number of basic steps that small businesses can take to help protect against the evolving threat that cyber criminals pose:

Prevent

• Involve and educate all levels of the organisation about cyber threats.

• Have a formal budgeting process and ensure cyber is a part of all decision making.

• Institute cyber training during the on boarding process and in an on-going manner.

Detect

• Include intrusion detection and on-going monitoring on all critical networks.

• Track violations (both successful and thwarted) and generate alerts using both automated monitoring and a manual log.

• Record all incident response efforts and all relevant events.

Mitigate

• Create a plan for all incidents, from detection and containment to notification and assessment, with specific roles and responsibilities defined.

• Review response plans regularly for emerging threats and new best practices.

• Insure against financial risks with a stand alone cyber policy or endorsement.

Resource:

1) http://www.actuarialpost.co.uk/article/smes-hit-by-sixty-five-thousand-cyber-attacks-a-day-15097.htm