A recent report has found that one in five businesses was the victim of a cyberattack in 2023.

Computer-based attacks are 67% more likely than physical theft and can leave your business financially vulnerable. The average claim last year exceeded £20,000. And while you might think this kind of scam is reserved for big corporations, smaller businesses are increasingly affected too.

Worryingly, the Aviva survey found that a fifth of small businesses wouldn’t know what to do if they were the victim of a cyberattack.

Keep reading for a closer look at current scam figures and tactics, and the red flags to watch out for.

Cyberattacks cost businesses an average of £21,000

On average, 20% of businesses were on the receiving end of a cyberattack in the past year. 

While 35% of large corporate businesses confirmed they had fallen victim, nearly one in 10 (9%) small businesses had also suffered cyberattack losses. These smaller companies are far more vulnerable to financial and operational repercussions.

Of the businesses affected: 

  • 31% experienced operational disruption
  • 21% experienced data loss and system lockdowns. 

The average claim following an attack was £21,000. And while 20% of businesses admit to not knowing what to do in the event of an attack, the figure rises to 27% for small businesses.

Not only are smaller businesses vulnerable to attacks, but they might also fall foul of data protection law if the fraud is serious and they fail to act accordingly. Acting accordingly might include alerting the ICO within 72 hours or notifying affected individuals.

There are a few main types of cyberattack your business could fall victim to, and some small steps you can take now to protect yourself.

2 common types of cyberattack to look out for and what to do next

A cyberattack is an attempt by tech-savvy criminals to hack your computer system, using it to steal money or data. It can take many forms. Here are two of the most common.

1. Malware 

Malware, or “malicious software”, is a term that encompasses a huge range of cyberattack types, which makes it the most common approach used by scammers.

Simply put, malware is code or a program intended to harm your business’s computer systems.

Malware might include:

  • Ransomware – A type of malware that prevents access to your own files through encryption. Criminals then demand a ransom to decrypt your data.
  • Spyware – Spyware is software that infects your systems and then collects information about your business’s web activity.
  • Trojan – A trojan is malware that looks legitimate and could be hidden within a free download installed by you or your colleagues.

These are just three types of malware, but you might also have heard of scareware, adware, worms, or rootkits.

You can protect your business by installing antivirus software, keeping your software up to date by installing patches when they are released, and turning on your firewall.

Education is also key, so make sure your staff understand the threat a cyberattack poses. They’ll need to be vigilant. This means not downloading suspicious apps and being careful about how they use and secure memory sticks and drives.

2. Phishing and smishing scams

A scammer might look to contact you or your staff directly via a telephone call, or through email (“phishing”) and text messages (“smishing”).

While telephone scammers can be cut off simply by putting the phone down, phishing and smishing scams can be more insidious. 

Emails and text messages can be convincing, with scammers purporting to be from official organisations or companies that you regularly deal with. 

Emails might contain company logos and links to websites that look genuine. Be sure never to click on links, though, as these authentic-looking web pages could be clone sites designed to harvest your data. You might also unwittingly download malware or other viruses whose effects might not be immediately apparent.

Check the official site for the company that has contacted you and check the email format they use. Does it match the email you have received? If the email is from a supplier, check the content of the email with a trusted contact there. 

Scammers might use an online scam to request money (an “invoice scam”) or target newer colleagues by pretending to be the boss (a “CEO scam”), looking to pressure inexperienced staff into making quick, bad decisions.

If you think you’ve been scammed, there’s help available

Scammers are clever and are forever evolving their tactics. Ensuring you and your staff know the red flags to watch for is crucial. If you think you’ve fallen victim, visit Action Fraud or call 0300 123 2040, or visit ScamSmart for further information.

At Boolers, we have rigorous processes in place to keep our clients safe. The business decisions you make can have long-term ramifications, so taking the necessary time to think and seek advice is key.

We’ve been helping business owners like you for over 40 years. So, whether you’re looking to grow your company, purchase commercial property, or manage your personal retirement income, we can help. Contact us to see how our team of dedicated financial professionals can help you.