A cyber-attack is the eighth most significant risk that businesses face

Aviva is urging small-to-medium-sized businesses (SMEs) to bolster cyber security as online hacking attacks are on the rise. 

The National Cyber Security Centre asked UK organisations to bolster online defences due to recent viruses and hacking of Ukrainian organisations that has formed part of the ongoing war between Russia and Ukraine.

As most cyber-attacks are not specifically targeted, all businesses are at risk regardless of shape, size or sector, said Aviva.

For example, 91% of UK companies surveyed had suffered at least one successful email-based attack in 2021, according to Proofpoint’s 2022 State of the Phish threat report.

Aviva’s regional cyber underwriting manager Alana Muir said, “Unfortunately, the threat of cyber attack continues to grow. Businesses were forced to adopt remote working during multiple lockdowns, which stretched networks and exposed business systems to attack.

”However, as we emerge from one business challenge, we are faced with another due to the conflict in Ukraine.

“It’s understandable that many small businesses may not draw a link between the conflict in Ukraine and the increased cyber risk to their own business.

”However, as the National Cyber Security Centre has advised British businesses to improve cyber resilience following the crisis in Ukraine, we wanted to ensure brokers and their customers were aware of the increased risk and could take the necessary steps to protect themselves.”

Aviva explained that brokers can play a key role in helping customers make sure they are fully protected in the event of a cyber-attack by educating them on risk and resilience, as well ensuring they are taking reasonable measures to protect themselves.

It follows warnings from government agencies over the commercial world facing an increasing risk from online attack.

Cyber – most significant risk

According to Aviva’s latest Risk Insights Report, a cyber-attack is the eighth most significant risk that businesses face.

The research was carried out by YouGov and commissioned by Aviva – 1,251 senior leaders from SMEs were interviewed across the UK between 19 August and 11 September 2021.

It revealed that six-in-ten (62%) businesses said they were worried about the threat of a cyber-attack.

However, only 19% said they were extremely worried. Businesses also said they were most exposed to operational disruption and loss of data because of a cyber-attack, with 37% of firms citing both exposures.

Damage to brand and reputation (31%), loss of customer confidence (17%) and financial impacts (28%) were also seen as significant threats stemming from a cyber-attack.

Some of this concern will come from personal experience – one in seven (14%) businesses reported that they were the victim of a cyber attack in the last 12 months, with 11% of businesses suffering a data breach or cyber attack and 5% suffering extortion, including cyber extortion (predominantly ransomware).

This makes cyber attacks one of the most frequent, and damaging, risks that directly affect businesses.

Muir added: “Cyber-attacks tend to exploit a network’s vulnerabilities and from there they follow an unexpected logic, moving from one business to the next. Once it’s out you cannot control it. For SMEs in particular, cyber-attacks can be devastating to the company’s reputation, as well as its bottom line.

“We think that brokers, as trusted advisors to their customers’ business, have an important role to play in helping their SME customers identify and prepare against this increased threat. Aviva has materials on its broker site that brokers can use to help explain cyber risks to their customers and steps they can take to protect their business.”

Implementing basic cyber controls could reduce the likelihood of an organisation failing victim to a cyber-attack.

For example, the US Cyber and Security Infrastructure Agency suggested that something as basic as implementing multi-factor authentication could reduce the chances of a cyber-attack by 99%.

Aviva suggested the following actions:
Ensuring any access and passwords are personalised and stored securely, and not relying on manufacturer settings.
Back up all data offline regularly – at least once a week, preferably more frequently.
Ensure personal data is stored safely and securely.
Install any software or firmware updates within 14 days of release.
Ensure firewall and virus protection software is installed, active and updated according to the software provider’s instructions.
Small businesses that rely on outsourced service providers should have a back-up plan in place in case they become the victim of a cyber attack.