Insurers say cyber cover rates are falling but SMEs are still slow to recognise the value of protection against digital crime. You might think “they would say that, wouldn’t they”, when competition and new providers in a growing area have driven down prices for both new policies and renewals.
Yet the threat of cyber-attacks is far from receding. The recent 2024 UK Government Cyber Security Breaches Survey reveals that 50% of UK businesses say they were hit by cyber-attacks totalling 7.8 million in 2023, against 39% of businesses in the previous year. The average cost of a cyber-attack to a medium UK business was £10,830. In addition, 84% of businesses that experienced cyber security breaches or attacks faced phishing attempts.
Desperate times inevitably lead to desperate behaviours in business, not only from seasoned criminals sensing an opportunity in economic turbulence, but also from newcomers to white collar crime who have no other means of accessing large funds quickly. In an increasingly digital world, the threat from external fraudsters to all sizes of businesses has never been greater – and this has been amplified by home working and disjointed office environments since the pandemic: it is increasingly common for frauds to be committed by employees with technological help from outsiders.
In ransomware attacks, criminals are not only asking for a ransom to be a paid but potentially then stealing and releasing hacked data; an entire new sector of cyber ransom negotiators is developing. The large scale exploitation of software vulnerabilities is arguably the most obvious factor accelerating ransomware attacks in 2024. Several ‘cracks’ discovered in widely used platforms have contributed to rising attack figures.
Investment by enterprises, even at the lower end of the SME band, has been heavy, although it has been hard to sustain amid pressures on day-to-day revenues. Companies cutting cybersecurity investment and insurance – tempting when reviewing heavy areas of spending – do so at their peril. Like marketing spend, the value isn’t always immediately visible. Before wielding the axe, managers should consider their business’s dependency on its digital infrastructure.
Business owners in a position to invest and explore the potential for cost-effective digitisation must consider ransomware very seriously. Those handling third-party data risk serious reputational damage, with customers happy to move to companies which they believe are better able to handle their information in a safe and secure way.
Written by our analysts’ team at Buchler Phillips, an independent boutique firm with an impeccable Mayfair London heritage, specialising in corporate recovery, turnaround, restructuring and insolvency.