About 20 percent of British businesses were attacked by cybercriminals over the last year, according to a report from the British Chamber of Commerce. Most of those businesses, the report goes on, do not even have basic security measures to protect consumer data — only 24 percent of U.K. firms report having anti-hacking security in place.
Unsurprisingly, hackers tend to favor larger firms — 42 percent of big businesses have been the victim of some form of cybercrime activity, as opposed to only 18 percent of smaller firms which tend to attract less criminal attention.
“Cyberattacks risk companies’ finances, confidence and reputation, with victims reporting not only monetary losses, but costs from disruption to their business and productivity. While firms of all sizes, from major corporations to one-man operations, fall prey to attacks, our evidence shows that large companies are more likely to experience them,” noted Adam Marshall, the BCC director-general.
Dealing with the damage falls mostly to IT providers for 63 percent of firms — as opposed to only 12 percent of banks and 2 percent of police forces who reported being reliant on IT providers to clean up post-hack issues. Banks and police forces tend to have in-house staff for these sorts of issues.
“Firms need to be mindful of the extension to data protection regulation coming into force next year, which will increase their responsibilities and requirements to protect personal data. Firms that don’t adopt the appropriate protections leave themselves open to tough penalties,” according to Marshall.
And penalties have already been handed down — TalkTalk was hit with a fine after hackers managed to make off with the personal information of more than 150,000 customers of the internet service provider. For about 15,000 people, sensitive financial data also made it out the door.
TalkTalk was tagged with a fine of £400,000 ($501,000) for the hack — the Information Commissioner’s ruled said attack “could have been prevented if TalkTalk had taken basic steps to protect customers’ information.”
“Companies are reporting a reliance on IT support providers to resolve cyberattacks. More guidance from government and police about where and how to report attacks would provide businesses with a clear path to follow in the event of a cybersecurity breach and increase clarity around the response options available to victims, which would help minimize the occurrence of cybercrime,” noted Marshall.