Shoosmiths LLP
March 11, 2016 - England
Cybercrime: it's a question of 'when', not 'if' for business
by Alex Bishop
Businesses face an increasing number of challenges and one of the most severe and potentially damaging is that of cybercrime. Fallout from a cyber-attack can result in both physical as well as reputational damage and the loss of business and customers.
Chilling words - particularly given how much British businesses now rely on their online presence. It is estimated that internet linked services contributed as much as £294billion to the UK's GDP in 2015 but according to the latest Government Security Breaches Survey (2015), 68% of large organisations and 34% of small organisations surveyed suffered from some form of cyber security breach within the last 12 months (2014-15).
It is thought that the overall annual cost of cybercrime to the UK economy could be as much as £34billion with the average cost of the worst security breach for larger organisations being £1.46million - £3.14 million. Last year's very public attack on Talk Talk reminded us of the vulnerabilities of any organisation to a cyberattack. It has been reported that last October's cyberattack cost Talk Talk £60million and the loss of 101,000 customers.
Research suggests that UK businesses are dedicating more and more resources to preventing their becoming the latest victim. Statistics suggest 44% of both large and small organisations have increased their spending on information security in the last year.
Prevention and defence must always be the fundamental basis to an organisation's approach to cybercrime but with ever changing methods and technologies designed to penetrate an organisation's defences, an increasing focus is being placed on preparing for 'when, not if' a cyberattack strikes.
Response team
The creation of a response team in preparation for a cyberattack is of vital importance. The first few hours following the discovery of an attack are usually the most crucial and will largely dictate the effect the attack has on an organisation. Any response team created must include a wide breadth of expertise, particularly including IT, PR and legal, to be on hand to advise and deal with the immediate aftermath and discovery of a cyberattack. Everyone within the business should know in advance who will be taking the lead and what the crisis plan is.
A recent report from one of the 'big four' accountancy firms revealed that cybercrime was at unprecedented levels with the problem only expected to become even worse, yet a third of the companies it surveyed did not have a plan to respond to a cyberattack.
In response to the increasing number of serious incidents affecting clients, Shoosmiths has set up its own crisis management team of specialists on hand 24/7, 365 days a year for clients who sign up to the service. We have also prepared a free download crisis management flowchart to help businesses begin to consider key issues to put a crisis management plan in place whether to deal with a cyber-attack or indeed any other crisis incident. Use the panel above to download a copy of our crisis response flowchart.