Your Biggest Risk Wears Shoes Posted at: January 26, 2021 Posted in: All As business manages its way through the after-effects of a turbulent 2020, every financial plan will involve careful examination of threats and opportunities. So why are so many businesses failing to deal with the threat of Cyber Crime – despite endless news stories and regular warnings? To accompany this article, we’ve also produced our Pragmatic Checklist for Cyber Loss Prevention. The UK’s leading fraud prevention service, CIFAS reported that 80% of professionals believe businesses are unprepared for the surge in threats as COVID-19 presents new opportunities for criminals. How can this be so? Everybody hears the cyber scare stories. Most of us have either been a victim or know someone who has been a victim of cyber-crime. The UK Government’s Cyber Security Breaches report for 2020 revealed almost half of businesses (46%) and a quarter of charities (26%) report having security breaches or attacks in the last 12 months. One in five of these attacks results in loss of money or data. 39% result in some form of business disruption. Hiscox report that the typical financial loss impact on a business from a cyber crime is £42,000. How many firms could shrug off an unexpected cost of that size? What’s the barrier? For the most-part it’s a perception that it’s technology and that it’s difficult to understand. Responsibility is delegated to the IT Team – and because their report says they have it covered, we can all relax. We get the warnings, we skim-read the regular briefings and we carry on as normal. The reality is that whilst technology is the enabler for the criminal, the vulnerability that they exploit is people. Us. The soft interface at the screen and keyboard. 90% of cyber data breaches are due to human error. We click on links in emails. We assume that emails from suppliers about their invoices are genuine – just because they ‘seem’ genuine. The Culture Needs to Change Simply delegating responsibility for cyber security to the most senior person who understands IT is not the answer. A contrast can be drawn with Health and Safety – whilst the CEO the rest of the board are unlikely to be doing the heavy lifting, they are responsible in law for the safety of the employees. Consequently, there is a regular report of incidents, near-misses, risks and mitigating actions at board meetings. Cyber security is unlikely to receive the same attention. Guidance to staff needs to be more specific than just “be careful” and “be wary”. We all become immune to the same message over time and bad habits creep back in. Recent research showed that over 70% of businesses train their staff in IT security once per year or less. But they are the biggest vulnerability. There isn’t a single product that protects against Cyber Crime. There isn’t a cyber insurance policy that protects against all losses. Measures to counter the threat of Cyber Crime require an understanding of the specific threats – and designing processes, training staff and deploying technology to counter them. The biggest risk lies in our human resource. We get tricked when we’re not vigilant. When it comes to cyber security, your biggest risk does indeed wear shoes. Our Cyber Security Checklist outlines the basic steps we’d advise any business to take to begin to protect themselves. If you would like more specific advice, please get in touch.