Protecting your business from cyber attacks


The government’s latest Cyber Security Breaches Survey was released in April 2024, revealing some shocking statistics and cementing the fact that cyber threats will continue to rise.

It’s reported that 50% of businesses experienced some form of cyber security breach or attack in the last 12 months. The figure was 32% for charities, 70% for medium businesses and 74% for large businesses with an income of over £500,000.

The total cost of cybercrime to the UK economy is estimated to be £27 billion per year, with businesses accounting for a significant proportion of this cost. Despite this, only 22% of UK businesses have a formal cyber security plan in place, which is worrying.

In this article, we will explore the latest statistics in cyber security, the most common types of cyberattacks, how to protect your business and how Cyber Insurance can help.

One of the most high-profile and impactful areas of cybercrime is data breaches. This is where a business is hacked and its data is held to ransom or leaked to the public – not a position anybody wishes to be in!

While large corporations are bigger targets for cybercriminals, they have larger budgets to fight off any threats. For small businesses with next to no budget for cyberattacks, the consequences can be disastrous. It’s reported that the average clear-up cost for small businesses after a data breach is around £25,700.

Let’s take a closer look at some types of cyberattacks:

Phishing is a cybercrime that involves criminals making contact through email, phone or text message to lure individuals or businesses into providing sensitive data. Over 83% of attacks on businesses and charities were from ‘phishing’.

Impersonation refers to cases where criminals have targeted individuals or businesses under a fake persona, business or name (possibly using real identities) to gain financially, or with the purpose of harassing, intimidating and/or threatening their victim.

Cyber criminals impersonating organisations in emails or online made up 35% of the attacks (37% for charities).

Malware is a term used to describe a program or code that is created with the intent to harm a computer, network or server. A virus is a type of malware that has the ability to self-replicate and spread. All viruses are a type of malware, but not all types of malware are viruses.

Viruses and malware accounted for 17% of attacks on businesses (14% on charities).

Steps to protect your business

No matter how big or small your organisation is, it would be beneficial to have a cyber plan in place. You might want to think about how to identify a cyber attempt and what to do in certain scenarios.

There are free courses and certifications available, including the government’s Cyber Essentials certification, which will help you protect your business from the most common cyber attacks.

Alternatively, you can do your own learning starting with the National Cyber Security Centre’s 10 top tips to protect yourself and your business. There are 3 key pillars to think about:

  • Understanding your current and potential risks.
  • Implementing appropriate mitigations.
  • Preparing for cyber incidents.

Advice to improve your business’ cyber security

There are some steps you can take to protect your business from a cyberattack:

  1. Educate and train employees: Regularly train employees on cyber security practices, including how to recognize phishing scams and secure their devices.
  2. Update and patch systems: Keep all software and operating systems updated to protect against vulnerabilities that could be exploited by attackers.
  3. Use strong authentication: Implement strong password policies and consider multi-factor authentication to secure access to sensitive data and systems.
  4. Back up your data: Regularly back up important data and ensure backups are stored securely and separately from your main network.
  5. Secure networks: Use firewalls, encrypt sensitive data, and secure Wi-Fi networks to protect against unauthorized access.
  6. Develop an incident response plan: Prepare a clear plan detailing the steps to take in the event of a cyberattack, including how to contain the breach and communicate with stakeholders.
  7. Regularly assess risks: Conduct regular security audits and vulnerability assessments to identify and mitigate risks.

For extra protection, think about getting Cyber Insurance in place

You’re not alone in cyber security. It can be a difficult area to navigate and manage by yourself. We have access to an extensive range of Cyber Insurance products that can be tailored to you and your business’ needs.

Cyber products typically come with more support than other types of insurance. This is because, in order to protect your employees and business, necessary steps need to be taken to educate businesses and their employees.

Depending on the nature of your business, cyber insurance can provide:

  • Pre-incident support: this could be anything from security training and risk assessments to access to cyber security experts – taking a proactive approach to prevent attacks.
  • Post-incident support: if a cyber incident does occur, this could cover the steps to take to report it, help getting your organisation back on its feet and services to help with investigations.
  • Cover for extortion: this could be used when an individual or business is threatened with the release of sensitive data.
  • Digital assets cover: this could help restore and replace any digital assets (software, networks and data, for example).
  • Legal fees/press support: protecting yourself if someone has gained unauthorised access to sensitive data, including legal support and help dealing with potential damage to reputation.

Get a Cyber Insurance quote for your business

Fill in your details below to discuss your cyber insurance needs with us, or visit our Cyber Insurance page for more information.