The most recent survey from insurer Hiscox – the Cyber Readiness Report 2019 – showed that 61 per cent of companies have faced at least one cyber attack in the past 12 months, up from 45 per cent in 2018.
The average cost of each cyber incident to UK businesses was a massive $243,000 (£195,000), according to Hiscox.
Yet despite this, British companies had some of the lowest security budgets at $900,000, compared to an average of $1.46m across the 5,400 businesses surveyed worldwide.
Data revealed by a freedom of information request by accountant RSM showed the Financial Conduct Authority received information about 819 cyber breaches in 2018, a significant rise on the 69 reported in 2017.
The majority of these, perhaps unsurprisingly, came from the retail banking sector.
Wholesale financial markets were the next most targeted, with retail investment companies making up this unhappy podium.
You may think your business is too small or insignificant for a cyber attack to be warranted, but think again.
For the most part, cyber criminals are not sitting at their computers working out which companies would be worth attacking – okay, when it comes to major conglomerates they might be.
But in most cases they are sending out bots infected with malware that will search hundreds of thousands of websites at once for security weaknesses. Then they will exploit them.
If your company’s website is not updated with the most recent versions of your software, or worse still is using software that is no longer supported by the developer, you are asking for trouble.
For sure, it is not easy to keep everything updated.
You may not deal with your own site, you may rely on a service provider or developer to do this for you. We all know they are not always easy to deal with.
Some will go quiet on you, fail to get in touch when you ask them to, or in the worst cases, may take your payment for ongoing services that they then fail to apply.
It is sometimes only after there is a breach in your data security that you find out how inept your web company is.
For any small company that has personal data held in the back of a website, or some other software system that is accessible online – perhaps from a home office – there is the risk of a cyber attack through a weakness in the system.
Once you have had a breach, you have to act fast to sort it out, especially under the new General Data Protection Regulation regime.