Why businesses need to get serious about cyber
In this guest article from Capsule Cover, they explain why scale-up businesses need to get serious about their firm’s cyber security.
By your very nature, you’re expanding rapidly – your risks can change week to week, even day to day. Remote working is making it harder to oversee how staff are accessing files and networks too. These are all things that could make you a target for the kind of attacks that, in 2021, affected 65% of medium-sized UK businesses.
These attacks aren’t cheap either. The average cost of a breach across all UK businesses is £8,460-£13,400. Yet the real toll of cybercrime is a lot higher. One in five lose money, data or other assets. One in three report a loss of staff time, business disruption, and the need for new security measures. And those aren’t the only reasons to get serious about it…
Avoid fines of up to £17.5m
A cyber event – whether it’s a data breach, network outage or overload, threat to pressure you into paying money, or simply human error – can wreak havoc with your systems. But it also poses a huge risk to your data.
While finding yourself without the information you need to make critical decisions (like sales data and business plans) is one thing, it’s a loss of customer information that can really land you in hot water. Make a mistake here, and you could be fined up to £17.5 million or 4% of your total annual turnover.
And that’s not a bluff. In 2020, British Airways were handed a £20 million fine for failing to protect customer data. They had been processing “a significant amount” of it without adequate security measures in place, and when they were attacked in 2018, the data of 429,612 people was stolen.
As if the fine wasn’t enough, BA’s reputation fell to a four-year low in the immediate aftermath. The result? Damaged share prices and customer satisfaction rates.
Keep your reputation intact
BA’s position as an industry leader no doubt mitigated against some of the reputational damage. But that’s a luxury that most scale-ups can’t afford. Face it, if you get hit by a major breach that reveals your customer data, who’s going to want to invest in you?
And it’s not just their financial support you’ll be losing. Customers voice dissatisfaction with their wallets too. Look at TalkTalk. In 2015, a cyber breach stole their information on 150,000 customers. In this case, the fine was comparatively small, but 100,000 people stopped using their service. This meant the hack cost them £42 million, and their shareholders approximately £60 million.
The lesson here? Investors, clients and the public are all interested in data protection – not just because it’s an invasion of privacy, but also because an attack can place them in significant financial danger. And they’ll make no secret of who they believe is at fault.
Own the narrative
There’s no bulletproof approach to preventing attacks. But by demonstrating you’ve robust protections in place, you can avoid penalties and limit reputational damage.
The first 48 hours following an attack are considered the most important when it comes to minimising business interruption and data loss. A good breach response service offers 24-hour support and access to forensic specialists who work quickly to secure your data, eradicate the threat and find what caused the breach. They also provide critical evidence for civil, criminal, tribunal and disciplinary action.
With a breach response service to call upon, you can take control over the situation. No, you can’t retrieve the data you’ve lost. But you can reassure your stakeholders that everything is being done to minimise the damage.
Stay in control as you scale
Immediate access to a breach response service is a key feature of any decent cyber insurance policy. These policies also step in to cover more than just what’s outlined here, including the costs of investigations, crisis communications, forensic services, legal and regulatory advice, business interruption, data restoration and liability.
Of course, the biggest benefit to insurance is always peace of mind. With protections in place, you can get back to focusing on what you do best: supporting customers and growing your scale-up.