Cyber risk is much more than just hacking. It involves internal and external risks, product risk, third-party risk and aggregate risk, such as service provider and supplier failure, human error, software obsolescence, and upstream internet and network interruptions.
The scale and sophistication of cyber crime continues to grow, and SMEs are a prime target for highly organised criminal gangs as they are seen as more resource limited and with less technically-aware employees than larger enterprises.
The cyber risk ecosystem is pretty complex and involves many players and aspects. Organisations of all sizes have been or will be impacted by cyber risks, and whilst this threat is well publicised, it is not always well understood. All businesses are connected to the internet: emailing customers, searching the internet or paying suppliers are just some of the ways businesses interact online.
According to the latest Cyber Security Breaches Survey, a quantitative-qualitative survey carried out by the UK Department for Digital, Culture, Media & Sport, 32% of businesses have faced breaches or attacks in the last 12 months.
The most common types are:
- phishing attacks (80%)
- others impersonating an organisation in emails or online (28%)
- viruses, spyware or malware, including ransomware attacks (27%).
Other interesting resources and official statistics on cyber security can be found on the Gov.uk website.
Below is a list of widespread or emerging types of cyber risk:
- Wi-Fi Hotspots
- System Failure and Networks
- Data Breaches
- Malware and Malicious Software
- Cloud Computing
- Distributed Denial of Service (DDos)
- Intellectual Property
- Internet of Things [IoT]
The General Data Protection Regulation (GDPR), which took effect on May 25, 2018, was developed to give people control of their personal data and create a high, uniform level of data protection across the EU that is ‘fit for today’s digital age’. Combined with the backdrop of the GDPR regulatory environment, the cyber landscape is also rapidly evolving, with cyber criminals becoming ever more sophisticated in identifying new ways of penetrating IT infrastructures.
The maximum fine under the GDPR is up to 4% of annual global turnover or €20 million (or equivalent in sterling) for organisations that infringe its requirements. Nevertheless, not all GDPR infringements lead to data protection fines. Supervisory authorities, such as the UK’s ICO (Information Commissioner’s Office), can take a range of other actions, including warnings, reprimands, temporary or permanent ban on data processing, etc.
According to the National Cyber Security Centre (NCSC), SMEs face a 1 in 2 chance of experiencing a security breach. So, what can SMEs do to reduce the risk of becoming victims of a cyber-attack and prevent unauthorised access to the personal information they store online and access via digital devices? It stands to reason that the better controlled and monitored the IT infrastructure is, the less likely the business is to become a victim of cyber crime. Read the Top Tips from the NCSC
Is it possible to identify cyber risk before a cyber attack, data breach or business interruption actually happens?
Unfortunately, many businesses are still unprepared to manage cyber risk and understand their vulnerabilities. But there are tools available on the market which are affordable and can help an organisation rapidly identify cyber risk vulnerabilities.
In this age of digital disruption, there is a clear need for businesses to look out for cyber threats on an ongoing basis. Recognising this need, CRIF Decision Solutions has developed CRIF Cyber Check, powered by KYND, a proactive response to cyber management in 4 simple steps.
Resources & White Papers on Cyber Risk
Cyber risk continues to evolve at speed, but as a relatively new risk there is very little data available to build defences against emerging trends (intellectual property, IoT).
What are some of the new emerging threats to UK businesses?
General Data Protection Regulation, a year on. The GDPR was generated to give people control of their personal data and create a high, uniform level of data protection across the EU that's ‘fit for today’s digital age’. What about compliance, data protection and risks?
The recent SME Insurance Risk Survey commissioned by Crif Decision Solutions in partnership with Post has revealed some surprising findings. It would appear that many insurance providers and brokers are not equipped to accurately assess and subsequently price small to medium-sized enterprise cyber risk.