And how to keep your people and business safe
Cyber crime is an ever-increasing concern for individuals, businesses, and governments.
Here at Inside Out we’re advocates for giving people the knowledge they need to protect themselves and your organisation. Spreading awareness and education in the workplace is key to creating your very own cyber safety culture.
Here are some eye-catching and alarming statistics about cyber crime which will make your people think twice before clicking on that unexpected email link.
Feel free to share these stats with your colleagues, include them in your internal newsletters, or post them onto your employee intranet. Let us know how your people respond!
Four in ten businesses (39%) report having cyber security breaches or attacks in the last 12 months - Department for Digital, Culture, Media & Sport, 2021
Cyber security attacks and breaches are no longer isolated incidents targeting solely huge corporations. Almost 40% of organisations have been affected by cyber crime in the last year, showing how common being targeted is.
While the majority of attacks are still affecting bigger businesses, the focus has broadened from these highly-prized entities, to small and micro businesses, who often lack the budget or expertise needed to create and implement a cyber security plan. These businesses are also the least likely to get external support with their cyber security.
One in five (21%) of businesses targeted by cyber criminals end up losing money, data or other assets, with one third (35%) being negatively impacted through disruption, staff diversion, or the implementation of post-breach measures.
Nine out of ten cyber security breaches are the result of human error - UK’s Information Commissioner’s Office and CybSafe, 2019
90% of cyber security breaches are the direct result of us clicking on phishing links, giving away sensitive information to the wrong individuals, or inadequately protecting our accounts.
This is because cyber criminals are great at social engineering which makes fooling us all that much easier. Social engineering is the use of psychological manipulation to trick users into thinking the link they are clicking, the email they are opening, or the person they have been contacted by, is legitimate.
Paired with our often questionable cyber hygiene, like never changing passwords, joining any public WiFi network we can connect to, or delaying software updates, it’s no surprise that it’s people and not cyber security technology letting us down.
The total cost of cyber security breaches to UK businesses over the last five years is believed to be more than £87 billion - Beaming, 2020
Cyber crime is a huge and lucrative market. Including damaged assets, financial penalties and lost productivity, UK businesses collectively lost around £87 billion to cyber crime between 2015 and 2020.
For comparison, this is more than the cumulative cost of the UK furlough job retention scheme, which set the government back £70 billion by mid October 2021.
The global average remediation cost of ransomware attack is $1.85 million USD (approximately £1,340,000) - Sophos, 2020
On average, considering downtime, people time, device cost, network cost, lost opportunity, and ransom payment, a successful ransomware attack on your organisation sets you back £1.34 million.
The UK’s most high-profile ransomware attack in recent years, the NHS WannaCry crypto worm attack, caused the health service to come to a standstill. More than 6,900 appointments were cancelled, and the estimated cost of the cyber attack (including the aftermath, lost output and IT cost) was £92 million.
A total of 14% of businesses train staff on cyber security and 20% have tested their staff response, for example with mock phishing exercises - Department for Digital, Culture, Media & Sport, 2021
While education and awareness are key players in health and safety or diversity and inclusion training in the workplace, less than one fifth of businesses invest in training their people when it comes to cyber safety.
This is despite the rise of cyber crime in recent years, and the fact that one in nine cyber security breaches are the result of human error. Our people don’t know how to protect themselves, all the while cyber criminals are becoming more savvy, making their attempts more and more difficult to spot.
So what can you do to protect your organisation from cyber criminals?
Let us do the work
Our cyber safety communications and behaviour change programme, CyberSafe, contains everything your people need to know to keep themselves and your organisation safe from cyber security attacks.
CyberSafe follows science-backed change management and behaviour change methodologies proven to support long-term behaviour change. This is essential for keeping your people engaged with cyber safety both now and in the future.
The programme is composed of three key areas:
Raising awareness of cyber safety through engaging, targeted communications.
Developing the skills to be cyber safe through interactive learning.
Ensuring sustainable ways of managing cyber safety by embedding it into the fabric of your organisation.
Getting your people on board and engaged with cyber safety is key to keeping your cyber security high, and your cyber security investments worthwhile. What are you waiting for?
Feeling stuck or need help bringing your communications ideas to life? Curious about what CyberSafe could do for your organisation? Send us an email hello@insideoutconsulting.co.uk or visit our website insideoutconsulting.co.uk.