The cyber-security threat is evolving – is your business prepared?

In today’s fast paced market local businesses face many complex challenges, but few are as important or misunderstood as the risk of cybercrime.

Statistics show that in the past year, over 40% of UK companies suffered a cyber-attack with the figure rising to more than two thirds for larger firms. However, many organisations remain unprepared.

Research from security companies Avast and Node4 reveal more than a third of businesses don’t have systems in place to ensure basic software updates are made, a quarter lack anti-virus protection and of those that do have security policies, only half said they were followed by staff.

So, what are the risks? ‘Spear phishing’ is becoming increasingly prevalent where authentic and sophisticated looking emails which pretend to be from senior staff are sent to employees asking for sensitive information. A simple method but one which many businesses will be familiar with and it can quickly lead to the loss of confidential information.

Ransomware, when data is encrypted by hackers and a payment is demanded, is also becoming more common and there have been several high profile examples of this in the past year. The growth of connected devices as well as cloud storage is also creating more opportunities for criminals to exploit.

It’s important to note that no sector is immune to the risks of a cyber-attack whether it’s the loss of financial data, customer travel details or health records. The consequences can be severe as aside from damage to a business’s reputation and loss of trade, organisations can now face significant fines under the new GDPR legislation if they did not have the correct processes in place or fail to report the breach within 72 hours.

At a basic level, businesses need to understand all the data they hold, where and how it is stored and the potential impact if it were to be lost or compromised. This includes the information on the email server, financial data and customer records.

Importantly, the cyber-security threat is constantly evolving with attacks becoming more sophisticated so having standard plans in place is no longer sufficient. They need to be regularly reviewed, tested and updated.

Remember, people are often the weakest link in the chain and if senior managers don’t understand the nature of the threats they face, there is little chance of creating a security conscious culture throughout the company.

At Grant Thornton we have a dedicated, expert cyber security team who works with local businesses to identify their resilience to potential risks and provides support to maintain or improve security so you can manage your business with confidence.

For more information visit

Mike Hughes - Director at Grant Thornton’s Northampton office
Mike Hughes - Director at Grant Thornton’s Northampton office