18th October 2023

How is cybercrime affecting your industry?

Cyber threats are continually evolving; any business, large or small, can be a victim of cybercrime. The latest Cyber Security Breaches Survey 2023, published 19th April 2023 by GOV.UK, reveals that 32% of UK businesses have suffered a cyberattack in the last 12 months, making it a risk that must be taken seriously. However, the Cyber security skills in the UK labour market 2023 report, published 24th July 2023, reveals that under four in ten businesses (37%) are insured against cyber security risks.

It’s essential to be cyber aware. But what are the specific cyber threats affecting your industry? Here’s a brief summary at the type of threats you could be facing:

All businesses are at risk, including yours

A prime target due to an increase in online purchases and the large amounts of data stored. Criminals can use stolen details to hack into customer accounts and use stolen bank details to order goods. The impact of an attack includes an inability to take card payments, reputational damage and customer switching to a competitor.

Manufacturing & Industry

As the sector relies on evolving technologies, cyber threat is an ever-present vulnerability. If software is attacked, intellectual property can be stolen and processes severely disrupted. As a direct result, halted production can result in loss of revenue, contractual penalties and reputational damage.

Professional Services

Particularly vulnerable to cyberattack because of the sensitive and confidential data handled, legal requirements to keep client data secure and money handled on behalf of clients. (A recent trend has involved targeting law firms’ residential and commercial property teams, compromising emails and using social engineering to steal funds.) Cyberattack can lead to a data breach, loss of customer funds and lack of customer trust.

Business Services

The increasing reliance on technology to deliver services, such as storing and processing customer data, and having remote access to clients’ systems makes the sector vulnerable. Hackers look for the weakest link to attack a system, with one attack affecting many businesses. Impacts of cyberattack include loss of confidential information, contractual penalties, business interruption and loss of contracts.

Construction

Companies hold vast amounts of information, including confidential files, employee data, tenders, property proposals, plans, drawings and client data, which, if accessed and exploited, could have a considerable impact on the business, including financial loss, fund transfer fraud, breach of bid data, contractual penalties, reputational damage and loss of contracts. Software with multiple users, i.e. architects, contractors and planners, means more access points and opportunities for exposure.

Property Owners

A prime target due to the volume of personal information, signed contracts and digital payments between an agent, landlord and tenant, and large sums of money transferred online. Cybercriminals can carry out identity theft and use personal information to forge documents such as passports and driving licences, resulting in legal action against the agent, or fake ID documents and fraudulently sell or remortgage a property, escaping with the money. Data breaches could lead to regulator involvement.

Technology

The sector covers various industries, including computer manufacturers, software houses and telecommunication, all vulnerable to cyberattacks. Hacking of connected devices and ransomware can cause significant losses, with data breaches leading to regulatory involvement, halted production and contractual penalties, not to mention loss of intellectual property and reputational damage.

Motor Industry

Motor traders hold customers’ data, such as phone numbers, home and email addresses, car registration, and even more sensitive data if finance is provided. Cyber criminals can sell stolen information, block access to computer files until a ransom is paid or use scams to steal funds from bank accounts. Data breaches could lead to regulator involvement and social engineering fraud could lead to significant financial loss.

Education

Schools and universities rely on computers and connectivity, from recording performance data to staff sharing content and collaborating with students, and are at risk due to the sensitive data held on students and staff. Threats are internal and external, from a staff member not following protocol leading to a data breach to students connecting to the network with their mobile phones or laptops and introducing malware. Risks include data breaches, class actions due to high number of students and records, social engineering, bad publicity impacting enrolment and impact on events, such as delaying exam results.

Health & Public Sector

Two of the most exposed sectors to cyber risk: they store and process sensitive data, are susceptible to supply chain risks and have open systems that are easily attacked. A supplier with low cyber security but full access to a healthcare provider’s system provides an access point for hackers to obtain confidential patient data, particularly valuable on the dark web. The healthcare provider must rectify the breach but is also open to fines and penalties under data protection legislation and liability losses. There is also a human impact if files cannot be accessed when needed.

Charities & Not For Profit

A wide-ranging sector that relies on volunteers and often lacks centralised IT infrastructure and support, making it vulnerable due to the data stored about beneficiaries, volunteers, staff and those they support. Cyberattack could discourage donors and lead to loss of funds, greatly impacting a small charity. Also vulnerable to social engineering using data harvested from a hack.

Arts & Culture

From recommendation and review functionality to booking apps, live chat and loyalty schemes, companies need to be at the cutting edge of technology. Still, they must ensure customer data is stored and managed appropriately. Risks include reduced donations from high net-worth beneficiaries leading to business interruption and higher liability losses; libel, slander and copyright infringement; loss of credit card data and compliance with PCI Data Security Standards; and turnover impacted by inability to take bookings.

Talk to Melville Burbage

At Melville Burbage, we work with many leading insurers to ensure our customers are protected against the fallout of a range of cyberattacks, including cover for a loss of revenue, increased working costs and, if necessary, defence costs and any regulatory fines or penalties enforced.

To find out more and make sure your business is fully protected against cybercrime, talk to Melville Burbage about tailored cyber insurance. Either call us 01635 43880 or email info@melvilleburbage.co.uk.

Sources:
gov.uk: Cyber security breaches survey 2023
gov.uk: Official Statistics
gov.uk: Cyber security skills in the UK labour market 2023