Businesses and the economy are under serious and growing threats from cyber crime. Cyber attacks are estimated to cost UK companies tens of billions of pounds a year. The real impact of cyber crime is likely to be far greater, with a significant number of cyber attacks going unreported. So says a new report from the London Chamber of Commerce and Industry (LCCI) argues that despite efforts from government and law enforcement, London firms – particularly small and medium-sized enterprises (SMEs) – are still largely oblivious to the ever-more sophisticated methods cyber criminals are using to steal valuable information. For the 22-page report in full visit – http://www.londonchamber.co.uk/DocImages/12773.pdf
Cyber crime costs UK companies alone at least £21bn a year and the costs of a security breach experienced by a smaller company are rising with the average costs of the worst attack now £65,000 to £115,000, up from £35,000 to £65,000 a year ago. The report quotes the unidentified director of a small security firm who admits: “The phishing emails I received looked genuine and even I, a security specialist, made the classic mistake of opening an attachment, which resulted in ransomware from hackers being installed onto my computer. Fortunately, it was picked up by security software that I had installed on my computer, and the only financial cost I had to pay was to an IT company to ensure the malware was correctly removed. If I didn’t have security software installed, the cost would have been far greater.”
The report – Cyber secure: making London business safe against online crime – found that:
More than half, 54 per cent, of London firms had experienced a cyber breach
Cyber crime numbers and costs could be far higher due to widespread under-reporting of online fraud to Action Fraud
A lack of awareness of cyber threats and the high costs of protection remaining significant barriers to firms implementing stronger security measures
Smaller firms are becoming increasingly targeted by cyber criminals as their systems are generally easier to access and they provide an open door to larger companies via supply chains; and
Government initiatives to improve awareness and resilience, and to reduce the costs of security are welcome, but often use overly complex, technical language which renders them inaccessible to the average SME.
The members of the chamber cyber Working Group are: Paul Weatherly, managing director, Lockheed Martin UK IS&GS Security (chair), Jane attwood, security advisor; Ceri Davies, Security Manager, Interxion; Tarquin Folliss, Director International, Falanx Group; Graeme McGowan, Associate Director, Optimal Risk; and Gary Miller, Partner, at law firm Mishcon de Reya. Among their recommendations, they say the Government should encourage Internet Service Providers (ISPs) and banks to disclose information on the origins of cyber crimes more quickly so that authorities and lawyers can act faster and more decisively against the criminals. The group urges business leaders to take more responsibility for protection and reporting cyber crime, rather than deferring incidents to their IT teams.
LCCI calls on the Government to create a single ‘landing pad’ of cyber security resources aimed a business, making it simpler for companies to know where to go for advice. The Mayor of London can complement this resource for the capital’s firms through the proposed London Business Resilience Centre.
Despite the Government’s designation of Action Fraud as the first point of contact for cyber crime victims, many businesses are not aware of the service. Minimising the information required from companies and better promotion would help increase reporting rates for vital intelligence, according to the chamber.
More also needs to be done to make it easier for firms to recover the costs of cyber crime, especially those done in the UK.
The Government should encourage internet service providers (ISP) and banks to use the cover of existing laws to release data that could result in faster and more decisive action taken against criminals.
Colin Stanbridge, Chief Executive of LCCI said: “The growing menace of cyber crime is costing business dear in financial, data and intellectual property loss. SMEs often have very limited resources that can allocate to cyber security so the Government and Mayor of London must be more targeted in their approach to reaching smaller firms with helpful information, and focus on providing east-to-adopt online security solutions.
“Unless more is done to help smaller firms understand and put in place at least basic security measures, the reputation of London as a major global centre for business is vulnerable. The authorities need to work together to make the process of online protection simpler, quicker,easier and cheaper for the smaller firm, so the health of the economy and the reputation of thecapital is not undermined”.
Deputy Mayor of London for Policing and Crime, Stephen Greenhalgh, said: “The advance of technology has shifted criminal activity from the street to the PC. The LCCI cyber security report paints a strong picture of a strong will from Government and law enforcement to protect businesses, but a confused landscape in terms of fragmented initiatives and policyresponses.
“This report should galvanise the effort and make this confusing landscape easier for the business owner to navigate, from the online SME to the multinational. MOPAC looks forward to working with LCCI to raise awareness and simplify the plethora of initiatives out there, particularly for SMEs, through single hubs like the London Business Crime Resilience Centre.”
And City of London Police Commander, Steve Head, who is also the Police National Coordinator for Economic Crime, said: “Cyber crime is estimated to be costing UK companies at least £21 billion a year but the reality is this huge figure would be even higher if all businesses reported to authorities when they had fallen victim to an offense committed through the internet or via other emerging technologies.
“It is therefore vitally important that SMEs who fall victim to an online crime contact Action Fraud, which in May became part of the City of London Police and now sits directly alongside the force’s National Fraud Intelligence Bureau (NFIB). Working together they are improving the service provided to small companies whose security has been breached by cyber-criminals with, mostimportantly, the arrival of bulk reporting for industry just around the corner.
“The past year has also seen a significant rise in crime disseminations to UK forces for investigation and a huge rise in the disruption of criminal enablers. But only by having the full picture of how cyber crime is targeting industry can law enforcement and government put in placethe resources and measures required to combat what has a quickly become a massive threat to the sustainability and profitability of companies operating up and down the land.”
Meanwhile in The Times on September 2, City of London Police Commissioner Adrian Leppard called for a national fraud and cyber crime awareness campaign to prevent people across the UK falling victim to economic-related crime. The Commissioner, who is also the ACPO lead for economic crime, believes the time has come for a publicity drive similar to the 1980s campaigns on the dangers of drink-driving.
In his interview with the newspaper, Mr Leppard said: “Economic crime is predominantly cyber-related. The reason we have problems in this area are two-fold: one, the scale of what is happening, it’s enormous. And secondly, the jurisdiction – the bulk of offending now is taking place overseas. Where you can reach the offenders in this nation and introduce legislation, you can have an impact.
“If the offending is overseas, where you don’t have legislation or powers to reach them, then it becomes very difficult. The majority of the threat is coming in, on the internet, from countries all over the world, so it is going to be very hard. We can’t shut down that threat – no domestic country can.
“When there was a shift change in this country in wearing seatbelts, or drink-driving, you would see TV campaigns and the release of products. Then, everyone in the community knew what they had to do. We need that level of public communication coupled with real and seriously useful products for people; how they need to protect themselves; what they need to do.
“Each person has access to the internet and online banking. Each person is exposed. We’ve got to find a national campaign, coupled with real products and useful tools that can help each sector of society protect themselves. We still have a lot more to do to educate the public and help small businesses to protect themselves.”
