How can I make my business cyber secure?

From implementation of digital systems and autonomous machinery, to increasingly connected supply networks, today’s built environment is extremely technology-reliant. However, with this comes increasing risk of cyber attacks. Let’s explore this threat, its implications and ways to protect your business.

It’s no secret that digital technology is transforming the construction industry, with AI dominating headlines, and IoT being considered a potential gamechanger. Unfortunately, with the good comes the bad. And, as technology integration heightens, so too do the risks of cybercrime. With this in mind, to effectively and safely navigate the evolving technological landscape, it is crucial to stay informed.

What is cyber risk?

As technology becomes a core component in day-to-day business activity, cyber incidents are quickly becoming the most prominent threats to construction firms. Given that the impacts span from financial to operational, as well as reputational or even legal, it is unsurprising that seven out of ten tradespeople are concerned about the threats of cyber crime.

What is surprising, however, is that 14% of tradespeople remain unconcerned about cyber attacks. It suggests that individuals are underestimating the very real threat.

How could a cyber attack affect your business?

If you’re wondering how cybercrime can impact a business:

• There were an estimated 2.39 million cyber attacks on UK businesses over the last 12 months — almost five incidents per minute
• 81% of incidents happen to small and medium sized businesses
• Attacks increase by around 30% during holiday periods, when businesses are closed or operating with low staff levels
• Over 500,000 new cyber threats are discovered daily
• Phishing scams — conducted via text message, email, phone, or social media — are the most common, accounting for 44% of cyber attacks in the UK
• 75% of large organisations and 45% of small businesses in the UK experienced phishing.

To put this into perspective, in 2023, the average cost of a cyber attack to a UK business was £9,270 – up from £4,200 the previous year. Meanwhile the total cost to the UK economy is estimated to be £27 billion per year.

Cyber threats should not be taken lightly, and having a robust set of processes is key to safeguarding your business.

How to apply cyber security?

When it comes to protecting systems and the data they house, passwords are a critical centrepiece. It’s important to consider what a strong password looks like, avoiding things that might be easy for a hacker to guess or figure out.

Consider choosing a longer combination with a random mix of letters, numbers and symbols to enhance security. Then, to further reduce the risk of systems being compromised, user identity and access controls such as two- (or multi) step verification is recommended.

Staying updated is also pertinent. This means having the latest software and IT equipment, regularly backing up data, as well as ensuring teams receive adequate training covering types of potential attacks and what ‘good’ mitigation looks like.

That said, it’s not enough to simply take action to prevent an attack. You need to be prepared if cyber criminals successfully strike. Developing and maintaining a crisis response plan will help to ensure business continuity and mitigate the impact.

In terms of ongoing processes, this could include patching up software vulnerabilities and reviewing backups. If resources allow, then consider conducting regular risk assessments -— or as a minimum, once per annum.

Other guidance includes installation of firewalls and anti-virus software, Virtual Private Networks (VPN) for remote working, and physical security. To help businesses understand their levels of cyber security and identify additional measures to implement, the Bletchley Group and IT Governance have created a Cyber Security Risk Scorecard.

What is the best approach to cyber security?

Unfortunately, there appears to be no foolproof way to guarantee protection against a cyber attack. As of 2023, 97% of businesses have modern comprehensive cyber services in place. Despite these conscious efforts, the data shows that cyber criminals still succeed.

What’s more, only 15% of businesses have a formal cybersecurity incident management plan in place, suggesting that many businesses are not adequately prepared for the threat of cyber crime. Therefore having the right insurance is essential.

Organisations handling both personal and third party data, conducting electronic transactions or using computers for other business purposes, stand to benefit from a robust cyber insurance policy.

When selecting a policy, it is crucial to take a considered approach that accounts for specific business needs. Doing so will provide peace of mind that any losses can be reimbursed, as well as any legal action being supported. All too often, decisions are driven by price alone however this may mean that a policy doesn’t underpin all aspects of operations.

A full policy includes cover for cyber extortion, data recovery costs, business interruption, and any costs associated with data breaches, fines or penalties. By partnering with Bletchley, you’ll be supported in the development of a bespoke policy that ensures no aspects of your business are left unsupported if cyber criminals attack.

If you would like to discuss your insurance needs, please call 0121 803 3760 or email info@thebletchleygroup.com