Can You Hack It?

How and why do cyber-attacks happen and could your business cope in the event of an attack?

Don’t assume that just because you are a small business, that you won’t be targeted by cyber criminals. SME and SMBs are possibly more vulnerable because of new working practices, small IT teams and lack of resources to organise protection and best-practice procedures. Cyber criminals look for the easiest and fastest way to be successful. By attacking at the weakest link, cyber criminals use small businesses as an entry point to move higher up the business ‘food-chain’.

More than half (54%) of SMEs in the UK had experienced some form of cyber-attack in 20221. Around 65,000 attempts to hack small to medium-sized businesses (SMBs) occur in the UK every day, around 4,500 of which are successful. Almost 1-in-5 (19%) of SMEs polled in a recent (Feb 2023) Vodafone Business report said that an average cyber-attack could cost their business up to £4,2002.

Many businesses outsource services such as Payroll, employees benefit packages or ICT or network support. If the level of access a vendor or contractor has to your data or network, is not controlled properly breaches can happen, and do, frequently.

Whatever the motive for cyber-attacks – money, politics, a grudge or simply to see if it can be done, the end result is damage to your operation, and potentially to your credibility and reputation as a business. The invasion of Ukraine and continuing geopolitical tensions have had an adverse effect on the cybersecurity landscape, prompting the National Cyber Security Centre (NCSC) to warn that: “now is not the time for complacency.”

That is why you need to pay attention to your working practices, to try and minimise risk. You should also consider Cyber Insurance, to support your recovery, should the worse happen.

Forms of attack

You could be subject to a data breach, or a computer virus, (malware) which is designed to damage your computer by corrupting system files, slowing machines down or destroying data.

Phishing3 was the biggest culprit according to a 2021 Mimecast report. It showed that 36% of data breaches due, at least in part, to employee credentials being stolen through a phishing attack, 96% of which occurred through email.

Trojan horses, or Trojans, disguise themselves as legitimate software applications and trick users into downloading or opening it. One opened, it will give a remote party access to the computer system.

Spyware is a form of malware that records activity on your computer system without your knowledge. They can collect your banking details and passwords, which are then sent onto potential fraudsters.

Other issues such as cyber extortion, a form of digital blackmail, could lead to you being unable to run your business for days.

Social Engineering is another common approach by cyber criminals. Social Engineering Fraud results in financial loss by deceiving an employee by impersonating or claiming to be a legitimate person or organisation entitled to funds.

Humans are the weakest link

From a data security perspective, employees are one of the biggest risks to business. Research has shown that more that 90% of security breaches involve some degree of human error4. They can pose a risk by:

  • Clicking on bad links in emails
  • Visiting websites containing malicious software
  • Forgetting to close the access point created for a vendor or contractor
  • Using personal devices

Premium rate calls

Did you know that it is possible to hack into a business’s phone system and make calls to a premium rate telephone number? Criminals set up premium rate phone numbers, where they receive a cut of the cost of the calls made to that number, resulting in significantly large phone bills for their victims.

Reporting breaches

If you suffer from a breach that poses a risk to people’s rights and freedoms, such as damage to reputation or financial loss, then you do need to report it to the Information Commission Office (ICO) within 72 hours of discovering the incident. The ICO has produced a guide which may be found on its website5.

The Government’s Cyber Essentials scheme is a responsible way of demonstrating to your clients (or prospective clients) that you take the protection of their data seriously. Their details can be found at

Get the cover you need

Having the appropriate cover can help with costs to reinstate data and computer equipment, and the cost to locate and remove the virus. To talk to one of our local advisers about how you can protect your business against cybercrime, call us now on

Call your local community broking team to discuss the most suitable policy for you.


Share this Post: