Getting on top of cybersecurity has never been so crucial. Between April 2021 and 2022, the NFIB found that cybercrime cost the UK £3.1 billion. And sadly, cybercrime rates show no signs of slowing down, with over 400,000 reports of attacks last year in the UK alone.
But the world is fighting back. Every October, organisations across the globe come together for Cybersecurity Awareness Month – a unifying initiative that began in 2004 in the US, and caught on as global cybercrime became more and more prevalent.
Many countries across the world now use October to raise cybercrime awareness and provide education, helping to change our behaviour online. This year, European Cybersecurity Month celebrates its 10-year anniversary with a focus on ransomware and phishing.
Taking cybersecurity seriously
In 2021, the average cost of a cyber-attack on UK organisations was £4,200, according to the Department for Digital, Culture, Media and Sport. With 31% of businesses and 26% of charities stating they were attacked at least once a week, it’s easy to see how the costs quickly mount.
Ransomware and cyber extortion payouts involve the most dramatic numbers, with Sophos gauging the average cost of a UK ransomware payout at $1.08 million.
In this light, cybersecurity should be front and centre of every organisation’s IT budget. However, as cybercrime statistics like these rise year on year, the same can’t be said for cybersecurity budgets, with UK organisations allocating an average of just 12.7% of their total IT budget in both 2021 and 2022.
The case for investment couldn’t be clearer – the cost of preventing a breach pales into insignificance next to the financial and reputational damage caused by a successful attack.
The true cost of a cyberattack
There are many ways a cyber breach can cost an organisation. These include the time it takes to recover lost or stolen data, operational disruption, paying for external specialists in disaster recovery, increasing insurance premiums, and fines or sanctions for compromising data.
And it’s not all about the money – cyberattacks have the potential to irreparably damage the customer relationships and reputation an organisation has worked so hard to build. Even the most loyal of clients are unlikely to react well to being told their data is in the hands of criminals.
There are also regulatory considerations to keep in mind. The Information Commissioner’s Office (ICO) and GDPR guidelines state that any attack that compromises personal or commercial data should be reported to the authorities. Depending on the sector, repeat breaches could cause problems with a regulatory body, or, in some cases, loss of important licences.
Educating employees on cybersecurity risks
A common misconception in the UK business community is that cybercrime is inevitable – but with 95 percent of cybersecurity breaches having human error as a key factor, it’s actually far more preventable than many people realise.
The fight against cybercrime begins with education – and the most important lesson is that it’s relevant to everyone. That’s why the theme for this year’s National Cybersecurity Awareness Month is ‘See Yourself in Cyber’ – because cybersecurity is really all about people:
- For individuals, this means seeing yourself as safe by learning basic cyber hygiene practices: updating software, having strong passwords or a password keeper, recognising phishing and enabling multi-factor authentication (MFA) on sensitive accounts.
- For IT professionals, the focus is on seeing yourself as part of a cybersecurity workforce that is bigger, more diverse and dedicated to solving the problems that will help keep people safe online.
- For industry, it’s about seeing yourself as part of the solution. That means putting best practice in place, collaboration, reducing risk and building resilience.
Ultimately, everyone within an organisation, from the top down, shares responsibility for cybersecurity – it’s not the sole domain of IT teams. However, IT teams can play a key role in ongoing education.
This October, why not suggest a rolling training programme to keep cybersecurity awareness top of mind for your customers and their employees? Topics might include how to use your current security software (especially email protection tools), what specific threats are trending around the world, and any developments in cybersecurity technology that are specific to individual roles.
Above all, security should be simple
Cyber-attacks don’t have to be inevitable. The crucial lesson to learn and share is that the most effective controls are simple and straightforward. With a culture of good security hygiene and adoption of the most straightforward of protocols like MFA, organisations can immediately protect themselves from the majority of cyber-attacks.
At intY, we’re here to support you in shielding your customers from the ever-evolving sophistication of cybercrime. We understand that cybersecurity threats come in a variety of forms, and your customers need protection from them all. So, to keep their systems secure and resilient, and keep you on top of all the key considerations, our experts have devised 5 cybersecurity pillars:
- Email protection – email security, archiving, continuity and backup.
- Endpoint protection – cloud security, ATS, EDR/MDR/XDR, mobile device management, patch management.
- Web protection – web filtering and web app firewall.
- Backup and DR – backup, SaaS Application/Cloud to Cloud Backups, Disaster Recovery.
- Identity management – MFA, password management, user management and active directories.
Use these pillars as a foundation for your cybersecurity planning, strategies and training. You’ll have all the bases covered and your customers should avoid becoming another statistic in the global fight against cybercrime.