The Office of National Statistics estimates that 4.5 million cyber crimes were committed in the UK in the 12 months up to March 2018. You are statistically more likely to fall victim to a cyber crime in the UK than you are to any other type of crime.
As the cyber security systems become more adept at preventing and pursuing consumer fraud, the cyber criminals have been targeting the public sector and larger organisations for their new revenue streams.
Amongst larger organisations, numerous cyber security breaches have occurred, impacting banks, police forces and even defence firms. Wipro, a major IT services business, recently reported a major attack on its IT systems, after it was targeted by a phishing campaign.
The problems being faced by large organisations should be a warning for SMEs, owner managed businesses, social enterprises and charities, many of whom are at high risk of becoming unsuspecting cyber victims. And it is their supply chains that offer some of the best opportunities for cyber theft. Why?
Smaller enterprises just do not have the scale, resources or systems to protect, prevent and counter cyber fraud. Furthermore, they tend to work with a much wider network of suppliers and intermediaries. A recent survey of IT risks amongst SMEs undertaken by Scott-Moncrieff (our sister firm in Scotland) highlighted the very low level of investment in cyber security, poor understanding of the processes involved, and their high levels of vulnerability to attack.
Any point in the supply chain that creates a break in the flow of relationships, information, products, logistics and services, creates a potential for weakness in systems, and a window of opportunity for the cyber crooks. Like a house purchase, the more links in the chain of suppliers, the bigger the risk, and the greater the costs, including:
- Finding an alternative supplier
- Business interruption or shut down
- Scrutiny and fines from regulators
- Loss of productivity
- Reputational cost, loss of trust and subsequent loss of clients
Prevention of cyber crime is far more cost-effective rather than having to deal with the bureaucracy, cost and reputational damage of a security failure. Key cyber security strategies and solutions that should be considered include:
- Adopting relevant industry guidelines and frameworks, we recommend the National Cyber Security Centre’s Small Business Guide as an excellent starting point
- Invest in and keep investing in the latest technologies and systems, and ensure that your systems are regularly patched
- Risk assess your suppliers and business relationships, if they are protecting your assets – do you know what their cyber security arrangements are? Have your suppliers invested in meeting cyber security standards? We recommend only working with suppliers who have complied with the UK Government’s Cyber Essentials standard, and if you are out-sourcing key processes only working with suppliers who can demonstrate compliance with ISO27001, an internationally recognised security standard.
- Employ or engage specialists that really understand the issues, and know how to implement and manage the very best cyber security systems and solutions
- Consider cyber insurance
Cyber risk is now a permanent feature of our lives, and increasingly so for businesses. You need to understand and manage not just the risk to your own business but also satisfy yourself that the businesses you depend on are also taking the risks seriously.
If you have any queries in relation to cyber security for your business and how you can best protect against cyber crimes contact:
Magda de Jager
Cyber Security Manager
0131 473 3500
Scott-Moncrieff joined Campbell Dallas in May 2019 to become part of the CogitalGroup.
The information in this blog should not be regarded as financial advice. This is based on our understanding in December 2019. Laws and tax rules may change in the future.