Cybercrime is the hot topic of the moment and it now seems almost inevitable that all businesses will be the victim of a cyber attack at some point
BT’s chief executive recently told World Economic Forum delegates in Davos that the telecom group faces hundreds of thousands of cyber attacks every day…
Could it be you?
Assuming your business is somewhat smaller than BT, you may be reading this and thinking “so what?” Cyber-criminals are out for the big bucks and high publicity – they won’t be interested in anyone other than the largest public companies. Right?
Wrong. Cyber-criminals aren’t daft. They pick the line of least resistance. They frequently use smaller suppliers to enter the systems of high profile targets such as talktalk, Marks and Spencer and Sony.
But cybercrime is only relevant to companies involved in online retailing isn’t it?
Wrong again. The $150 million cyber attack on US retailer Target arose when criminals accessed Target’s IT infrastructure through the inadequate systems of one of its facilities suppliers.
Blue chip customers are becoming increasingly concerned about the cyber security their suppliers have in place. Even if you still think it’s not relevant to your business it’s well worthwhile considering how to minimise cyber risk. If only to maximise the chances of keeping your best customer.
After an attack
If (or should I say when) you are victim to a cyber attack, it’s important to limit the damage done. The obvious damage is reputational, always difficult to quantify but inevitably resulting in lost sales and ultimately lost profits.
But that’s not all. Following a cyber attack it is quite possible that you may have losses relating to:
- Incident costs – the cost of consultants to sure up your systems, public relations to try to protect your brand and notifying customers if there has been an incident involving their data.
- Lost profit on lost sales – sales could be affected for months after the event, not just while your systems are compromised.
- Drop in profit margins – it may be necessary to drop prices in order to retain customers.
- Cost of writing off unsold stock – if your products are seasonal and cyber-criminals come calling at a bad time this could be a significant cost.
- Third party claims – your corporate customer claiming their losses from you or claims direct from your own individual customers.
- Fines – breaches of the Data Protection Act currently carry fines of up to £500k but this is likely to increase to a regime based on a percentage of turnover.
- Finance costs – additional funding may be required in the aftermath of cybercrime (either to fund extra costs or boost working capital in the event of declining sales).
- Wasted management time – rarely something that can be quantified but the impact of senior management firefighting and taking their eyes off the ball can be long lasting.
Some or all of these losses may be covered by cyber insurance but many businesses do not have any cyber cover. Cyber insurance is an emerging area and the risks that it will cover are by no means standard or guaranteed.
As always, prevention is better than cure, here’s 5 tips for SMEs to avoid a cyber attack.
For more information
For more information please contact us on: