Planning for growth? Plan to be hacked

Business Growth - British Gas Business

It might sound like the stuff of a second-rate Hollywood thriller, but cybercrime is real, and it’s a very real threat to businesses of all sizes.  A survey by found that 44% of micro-businesses – which account for 95% of all UK businesses – have suffered from cybercrime, with an average loss of revenue of £1,540 per company.

But just how are these digital criminals getting inside our businesses?  And what can we do to stop them?

Hacking is big business

According to a 2013 National Audit Office report, the cost of cybercrime to the UK was in the region of £18-£27 billion.  That’s a hefty sum, but it becomes more believable when you start to look at the scale of the damage that can be done with just one attack.  In 2011, for example, Sony famously fell victim to a breach of its Playstation Network, resulting in downtime that cost them $170 million.

But don’t think that being a small business means that you’re not worthy to be on the hit-list.  A report from McAfee found that nearly 90% of SMEs in the US had no data protection for company and customer information, making them a nice, juicy target for eager cyber-criminals.

Almost any kind of data is under threat, from your credit card details to those of the account you pay business electricity bills from.  According to PricewaterhouseCoopers, the average cost for the worst breaches of small businesses is between £65,000 and £115,000.

‘Assume you’ve been hacked,’ says Professor John Walker, a cyber-security lecturer at Nottingham Trent University.  ‘There are people who have been and know it and people who think they haven’t, but have.’

Getting inside your business

Unfortunately, the majority of security breaches that happen can be put down to human error.

Thanks to public social networks like Facebook or LinkedIn, hackers can find out the email addresses of a number of employees within a company.  By successfully posing as a trusted colleague – perhaps with a Hotmail or Gmail address that’s nearly identical – they can trick employees into opening attachments and files that contain trojans and malware, which can then spread throughout the organisation.

Similarly, hackers can use low-security public websites used by employees – such as tech forums for IT professionals – to offer advice, links and files to ‘help’ workers solve their problems.

Matters have only been made worse since the Bring Your Own Device (BYOD) revolution, as businesses often struggle to enforce the same tight protective policies when data gets taken away from the office.

Take control of your security

Of course, the first step – which you may already have taken – is to get the right protective software and keep it up to date.  Firewalls, anti-spyware and anti-virus packages should be on every digital device that has a part to play in your business; and it’s critical that you include employees’ personal devices, too.

Second, remember that any security procedure is only as good as the person trying to follow it.  Research suggests that approximately 80% of security-related incidents occur as a result of employee behaviour.  So train your employees – make sure they know how to recognise a dodgy email or a suspicious website, how to use their security software, and how keep it up to date.

Finally, you should probably invest in some level of cyber-liability coverage.  Just like any other insurance, it’s based on a range of factors: the industry you’re in, your dependence on the internet, how much data you process, and how you communicate with clients and suppliers.

Have you successfully evaded an attempted breach of your business’s cyber-security?  Or have you suffered the costs of a lack of adequate protection?  If so, let us know on LinkedIn or Google+.

The views, opinions and positions expressed within the British Gas Business Blog are those of the author alone and do not represent those of British Gas. The accuracy, completeness and validity of any statements made within this blog are not guaranteed. British Gas accepts no liability for any errors, omissions or representations. The copyright in the content within the British Gas Business Blog belongs to the authors of such content and any liability with regards to infringement of intellectual property rights remains with them. For more information about the mix of fuels used to generate our electricity simply visit You can find information about how to make a complaint at