The cost of online theft to business and how to combat it

Spectacles in front of a PC screen with code - The cost of online theft to business and how to combat it

21st-century technology has given thieves new weapons to use against businesses. Today, businesses must not only protect their physical premises but virtual ones as well. Companies face attacks ranging from shoplifting and credit card fraud to online theft and ransom demands every day. No economic sector of the UK is immune to these crimes and all businesses in the UK are affected by the security challenges borne of the digital age. Small to medium-sized enterprises (SMEs), however, are at a greater disadvantage than their larger corporate counterparts. According to the National Cyber Security Centre (NCSC), there is a one in three chance that UK businesses will experience a cyber breach [1] or online theft. Cybercrime has resulted in a more modern, dangerous playing field for British businesses too.

Big business becomes a big target

Shell, one of the UK’s largest companies, revealed it had been the victim of theft on a grand scale [2]. The company’s largest industrial site, was at the centre of an organized theft operation. Internal and external thieves worked in tandem to steal oil from the company. The theft of company property continued for several years.

While sensational thefts involving large companies make the headlines, theft is a daily challenge to British businesses of all sizes. Business Matters magazine reports that “Two thirds of office-based employees confessed that they had stolen from their workplace” and in 2017, theft was estimated to cost businesses £190m per year [3]. Businesses are experiencing losses incurred internally by their employees and externally by criminals. As seen in the Shell case, sometimes these forces combine. The £190m estimate referred to by Business Matters in 2016 didn’t include losses incurred as a result of cybercrime.

Cybercrime cripples small and large businesses alike

While cybercrime is a significant challenge for all businesses, small and medium-sized enterprises are most affected. The technological advances of the 21st century created new opportunities for thieves. Criminals, like the rest of us, became more tech-savvy as the digital age progressed. Businesses all over the world found it necessary to invest as heavily in digital security measures [4] as they did for those offline. Smaller companies were disproportionately affected by this increase in security investment. Without the capital necessary to adequately secure their online presence, many companies still have a long way to go in the fight against cybercrime.

According to Government Europa, “54 percent of fraud cases in 2018 were cyber-related” [5]. To combat this rise in crime, 2018 saw the EU institute the General Data Protection Regulation. This replaced the Computer Misuse Act of 1998 in the UK. Any European company is required to adhere to the GDPR. Companies are issued substantial fines if they do not comply with the new regulations concerning collection, use and storage of customers’ personal data.

The public tends to trust larger companies over smaller enterprises when it comes to GDPR compliance, but that trust may be unfounded. Fallout related to these new government regulations aimed at curbing cybercrime can adversely affect even the largest companies. Recently, one of the largest US companies, Alphabet Inc. (through its subsidiary Google) was hit with a fine of €50m when they neglected to meet the standards of the GDPR. According to Alan Toner of Electronic Frontier Foundation, Google was accused of feigning compliance with the GDPR by unlawfully “manipulating users into granting them consent by means of deceptive interface design and behavioural nudging” [6]. At the heart of the issue was the Android phone setup procedure. It gave users no choice to opt out of personal data sharing when setting up a new phone.

Can British businesses protect themselves against online theft? 

Businesses can protect themselves from fines and their customers from fraud by doing their best to adhere to the GDPR guidelines. The NCSC recommends small businesses concentrate on 5 cyber security areas to stay in compliance with the GDPR.

  1. Back up data.
  2. Protect your organization from malware.
  3. Keep smartphones and tablets safe.
  4. Use passwords to protect data.
  5. Avoid phishing attacks.

The small business guide [4] published by the NCSC provides essential information on how SMEs can establish cyber security at minimal cost. SMEs that follow the guidelines specified can effectively compete with their larger corporate counterparts by offering customers quality protection from cybercrime.








Related blog posts

5 cyber security tips for small businesses

Business insurance is essential during COVID-19

8 top tips for small businesses striving for GDPR compliance

The views, opinions and positions expressed within the British Gas Business Blog are those of the author alone and do not represent those of British Gas. The accuracy, completeness and validity of any statements made within this blog are not guaranteed. British Gas accepts no liability for any errors, omissions or representations. The copyright in the content within the British Gas Business Blog belongs to the authors of such content and any liability with regards to infringement of intellectual property rights remains with them. For more information about the mix of fuels used to generate our electricity simply visit You can find information about how to make a complaint at