Five cyber risks facing small businesses today


  • Executive insight
  • By:

    In the UK, Hiscox provides a range of business insurance products to over 160,000 small businesses but while many are becoming more educated about the risks that they face everyday, there is still some way to go when it comes to adequate protection against cyber crime. There’s a saying that goes ‘fail to prepare and prepare to fail’ – and all companies need to be prepared for the almost inevitable cyber attack.

    What’s for sure is that whether you are a big or small company, cyber criminals do not discriminate - all they need is a weakness to exploit. Here are five potential cyber risks that are facing small businesses now:


    Increasingly we are seeing small businesses fall victim to ransomware attacks, where a piece of malicious software – typically received via a phishing email - encrypts all of the data on the company’s network, with the perpetrators requesting a ransom (typically £500-1000) in order to provide the decryption key. The ransom amount may seem low but the costs in remedying the situation may far outweigh that however.

    Hack attack

    This is when a hacker manages to gain access to a company’s network, typically by exploiting an unpatched vulnerability within the software, allowing them access to the company data. The target will generally be personally identifiable information on a company’s customers, especially credit card information.

    Denial of Service attack

    These attacks are becoming increasingly cheap and easy to carry out and attackers simply overwhelm a company’s website by pushing a large volume of data to its servers in a malicious manner.

    Human error

    People can be the weakest link in any security chain, and a vast number of data breaches are the result of information being lost, or distributed to the wrong person. Even the seemingly mundane can have far reaching consequences, particularly where sensitive personal information is involved.

    CEO fraud

    This is where a criminal poses as a senior person within the firm - either by hacking into or ‘spoofing’ their email account. They then convince someone with financial authority to make a payment.

    Fail to prepare and prepare to fail

    Many small businesses are starting to appreciate the potential severity of cyber attacks on their customers, their balance sheets and their reputations. But many still have a long way to go in implementing good risk management. Small businesses can help reduce their exposure to cyber risks by:

    • Using secure passwords: making your passwords stronger by using three random words
    • Installing antivirus and malware software on all company devices
    • Regular software updates:  software updates contain vital security upgrades which help protect your device from the latest malware and hackers
    • Educating staff on the dangers of cyber risks, and what to be aware of, particularly where unusual emails or requests are received

    There is much more to read in our Cyber crime hub on our Informed knowledge centre for small businesses in the UK.

    You may be interested in...