A Cyber Security Breaches Survey by the Department for Digital, Culture, Media and Sport (DCMS) found that 39% of all UK businesses reported a cyber breach or attack in 2020/21.

Firms across the UK have been encouraged to tighten their cyber security, as the National Cyber Security Centre (NCSC) recently advised that it is vital that companies remain vigilant to cyber threats.

The guidance was issued as political unrest between Russia and Ukraine intensifies, and a string of cyber attacks in Ukraine highlighted the growing need to address our own business cyber security here in the UK.

The rising risk of cyber attacks

It isn’t only larger companies facing increased risks of cyber attacks, the UK has seen increased attacks and attempts targeting small and medium size businesses in recent years. It may be that cyber criminals are becoming more sophisticated, but the pandemic has also left many businesses exposed to risks in a way that they weren’t before.

The Covid 19 pandemic put more pressure than ever on smaller businesses to automate their processes. In many cases, companies were forced to digitise before they were ready to upgrade their internal technology – leaving them with an increased vulnerability to cyber threats.

A cyber attack is bad news for any business, but for a small or medium company, the consequences can be catastrophic. Falling prey to cyber criminals can lead to loss of confidential data, huge financial cost, long periods of downtime and damage to the company brand and customer relations.

If you don’t have a cyber security strategy in place, now is the time to establish one and roll it out to colleagues. All employees need to be aware of the risks and procedures to help keep your business safe.

It’s time to think about business cyber security

You may be ready to consider your business cyber security but knowing where to start can be a challenge. It’s a good idea to plan and break your security strategy into steps. Before you make any business changes, you need a cyber security policy tailored to your business.

Your policy should detail all data that needs protection from cyber attacks, as well as any threats facing your business assets and agreed ways of working to keep them secure.

Even with the most sophisticated security policy, a company of any size will still be vulnerable to risks if its employees aren’t on board. It’s crucial that you invest in training and education to ensure all team members are aware of the real risks that face businesses and the expected behaviours they need to adopt to help minimise cyber threats.

With more staff working from home since the pandemic, your company’s IT team will have less power to control security and avoid breaches, so your wider team will have more responsibility for keeping their devices secure.

If you don’t already, get into the habit of backing up key information and data. At least if disaster strikes and you are attacked, you shouldn’t lose everything. It’s important to ensure that every device linked to your business is protected with up-to-date anti-virus software, and your office Wi-Fi should be encrypted. Make sure the password is changed regularly, and all company systems are protected by a firewall.

Protect your business with Multi Factor Authentication (MFA)

Introducing Multi Factor Authentication (MFA) is one of the most important steps that can protect small businesses from online threats. MFA is a secure authentication procedure that’s used to check an individual is who they are claiming to be. Usually, MFA will require individuals to enter at least two items of data to ensure they are a trusted user.

For example, if your staff simply enter a password to log into your business systems, introducing MFA would require them to enter a unique passcode generated by an app, or to gain access by using another layer of information such as a fingerprint or voice recognition.

With remote working becoming increasingly common, MFA is more important to businesses than ever. It adds an extra layer of protection around your company’s systems, data, and devices, making it far more difficult for cyber criminals to gain access to them. Multi Factor Authentication is widely recognised as one of the strongest defences against remote phishing hacks, and surprisingly few companies have implemented it.  

Troy Johnson, Regional Sales Director for Towergate Insurance, discusses the benefits of Multi Factor Authentication for businesses in this article for Insurance Business.  

How to manage cyber threats

Hopefully, taking the right precautions will keep your business safe from threats, but it’s sensible to have a plan in place if the worst does happen. Your priorities will be to limit any damage, and to ensure that you are compliant with current regulations as you react to the attack.

Make sure you record everything you do from the time you realise your company has been attacked, as you may need to share these documents for things like GDPR later.

If your website is hacked, you need to let key members of staff know and start to roll out your agreed response plan. This may include actions such as taking your company website down until the attack is under control, cutting off remote access to company systems and changing all passwords.

As the headlines warn businesses across the UK to brace themselves for an increased risk of cyber attacks, it’s time to protect your company’s assets.

Find out how cyber liability insurance can help protect your business or call our specialists on 0330 123 5741.

Cyber insurance from Towergate

Towergate are actively engaging with insurers and our clients to obtain cyber protection for businesses of all sizes, to protect against the very real and growing threats of the digital age. We can offer cyber insurance for businesses to help protect you should the worst happen.

You can find more information about how cyber insurance can help your business in our cyber information hub or get a quote online.

Alternatively speak to your usual Towergate advisor.

About the author

Mark Brannon Cert CII is a respected industry leader with over 17 years’ industry experience in a variety of roles within the business insurance sector. He works across a wide spectrum of insurance product and policy development, delivery and optimisation for clients, including claims, insurer relationships, marketing and communications, and risk management.

Read more cyber insurance articles

• Cyber and Crime
• Cyber Risk Assessment
• Cyber Risks on the Rise as Businesses Reopen
• End of financial year? Prime time for cyber scams
• Information Update - Comparing a Cyber Loss and Fire Loss
• Information Update - Cyber Crime
• Information Update - Cyber Crime Video
• Newsletter - Issue 11, Autumn 2019: Cyber Insurance Passes Claims Test
• Risk Alert - Cyber Liability
• Smartphones Becoming an Increasing Cybersecurity Risk for Organisations
• Cyber and Ransomware Attacks Are On The Increase
• Protect Yourself From Phishing Emails And When Sharing Data Online

The information contained in this article is based on sources that we believe are reliable and should be understood as general risk management and insurance information only. It is not intended to be taken as advice with respect to any specific or individual situation and cannot be relied upon as such. If you wish to discuss your specific requirements, please do not hesitate to contact your usual Towergate Insurance Brokers adviser or email TIB@towergate.co.uk.