The cost-of-living crisis is fuelling a surge in cyber attacks on UK businesses, a leading fraud expert has warned.
Leigham Martin, group head of infrastructure and security at Connectus Business Solutions, shared with City A.M. that cutting costs on security will spell disaster for businesses.
“There is increasing evidence that some businesses are looking to save money in this area, perhaps linked to the cost of living crisis. But cutting corners where cyber security is concerned can be costly especially as IT is now typically an integral part of a business.”
“Half of small to medium businesses go bust within six months of a cyber-attack.”Leigham Martin
Martin continued: “With the growing threat of war in the east, the cost-of-living crisis and increasing inflation, cyber criminals are using this to their advantage to exploit people and businesses alike.
He was commenting after recent official statistics recently showed that 39 per cent of UK businesses experienced a cyber attack in the past 12 months.
The Cyber Security Breaches Survey 2022 – published by the Department for Digital, Culture, Media and Sport – found that the most common threat vector was phishing attempts, which were experienced by 83 per cent of firms reporting breaches.
Malware and ransomware
Around one in five UK businesses identified more sophisticated attacks, such as denial of service, malware and ransomware attacks.
“Social engineering is again on the rise and scammers are sending phishing emails and messages offering rebates on energy bills to play on peoples and businesses vulnerabilities,” Martin noted.
Organisations typically spend less on cyber security than is recommended, he explained, and it is not always a top priority.
“Simply put, good cyber security costs money and you often don’t see the return on investment from it,” he said.
“But on average, organisations should look to invest around 3-4 per cent of their annual revenue into cyber security.”
Martin stressed “this should be used to bolster defences, gain visibility of their technology and have a proactive approach when it comes to protecting the company’s digital assets.”
Not ‘if’ but ‘when’
Businesses should adopt a “when” not “if” approach to security and should be prepared and have a plan if they do suffer from a cyber attack.
Martin added: “As the West denounces the actions of Putin’s war and supports the people of Ukraine, the UK becomes a bigger target to foreign nation state hackers who will be looking for ways to disrupt businesses and the economy.
“This is why it’s important to protect your business and its digital assets.
The most important thing for businesses of all sizes to do is to ensure that the fundamentals of cyber security are in place to protect devices, networks, and systems,” he concluded.