A Quarter of all businesses have been derailed by cybercrime
According to a survey of facilities managers, service providers and consultancies undertaken by the Royal Institution of Chartered Surveyors and shared with the Guardian – 27% of companies suffered a cyberattack last year.
Cyberattacks are the biggest threat to businesses as 73% of business leaders now believe that a cyber incident will impact their business within the next two years, as reported by RICS.
In particular, occupiers of buildings are facing the fastest growing threats. As businesses become widely more technologically integrated, risks and the need for regular updates grows. CCTV networks, security systems, automated entryways, AI lighting and heating – everything touches the internet. Buildings are now being controlled by devices and programmes, prompting the rise of malicious ransomware technology. The potential for the next cyberattack could come from any angle, and failure to identify risks could cost your business heavily.
This year cyber criminals have targeted major retailers and outlets, demonstrating how cyber-attacks on businesses can also impact the general public. At Romero Insurance, we reviewed How a Cyber Attack to Public Services Left a £11.3million hole.
Is your business sleepwalking into a cyber attack?
This new term, ‘sleepwalking’, describes how businesses operating while unprepared for major cyber disruption. Sleepwalking businesses extend from SMEs all the way up to the largest of retailers – Malicious cyberhackers are indiscriminate and will target any business for their money and data. And as national headlines are keen to remind us; 8 weeks on and Marks and Spencer are still embroiled in a cyber scandal.
Marks and Spencer’s cyber breach is possibly the most public attack of late, costing an estimated £300million. As reported by the BBC, hackers of DragonForce used social engineering to gain access to M&S’s IT consultancy firm in India. From there they disrupted all online orders and operations, encrypted all the servers, and sent an email to the CEO via a member of M&S staff’s work address, in the form of a digital ransom note. The hackers also specifically mentioned they had located M&S’s cyber insurance policy – noting “we can help each other handsomely.”
The attack has caused a dramatic loss of sales of around £43million per week, as well as reparations for lost protected personal data, and significant reputational damage. Competitors have benefited several-fold from the paused online orders.
To prevent businesses ‘sleepwalking’ into a cyber disaster, they need to learn from experiences, stay vigilant and identify high risk areas. This involves staff training, cyber risk awareness, cybersecurity measures, regular updates and effective cyber insurance guidance by a dedicated broker.
How are businesses and retailers being hacked?
Malicious individual’s techniques have become very sophisticated and ingenious. One main way businesses are being hacked, as reported by RICS, is through outdated operating systems. For example, Windows 7 hasn’t received a security update from Microsoft in over five years, and won’t see any in the future. This is a huge risk as, over time, individuals find holes in programmes and operating systems, which are quickly patched by developers. Its always recommended that businesses use the most upto date operating system for maximum security.
And because of the technologically advanced nature of business premises, such as shops, factories and retail outlets, accessing a business’s systems can also include their physical property. Access to CCTV systems and entryways means the opportunity for physical theft and intrusion.
Another main risk is social engineering – this could be done through phishing emails or calls to the business while pretending to be someone of authority. A huge risk factor for businesses is incompetent staff, therefore it’s important to conduct regular training. Also its wise to introduce tests and audits of staff to review security and enforce the importance of vigilance.
What is the best thing businesses can do to protect against cyberattacks?
Cyber security is a varied and hugely important aspect of risk management. At Romero Insurance, we have published an updated cyber security whitepaper all about prevention and safeguarding actions. We also discussed the emerging cyber threats of 2025.
Having effective cyber insurance from a dedicated broker in place is the best thing businesses can do to safeguard against cyber risks. With effective cyber insurance, you are protected from any eventuality. Financial ramifications from a breach could include monetary loss, reparations for stolen personal data, ransom fees, reputational damage leading to profit loss, or business interruption caused by cyber disruption. Make sure your cyber insurance is sufficient enough to cover a full rebuild of your digital systems, and contact an expert.
Experts at Romero Insurance Brokers are available now to provide guidance on your cyber insurance needs.
