London businesses are facing more security incidents—and are paying more in the aftermath of them.
A new report from the London Chamber of Commerce and Industry (LCCI) argues that despite efforts from government and law enforcement, London firms – particularly small and medium-sized enterprises (SMEs) – are still largely oblivious to the ever-more sophisticated methods cyber-criminals are using to steal valuable information.
Cybercrime costs UK companies alone at least £21 billion per year, and the costs of a security breach experienced by smaller companies are rising. The average cost of attacks comes in at £65,000 to £115,000, up from £35,000 to £65,000 just one year ago.
The report also found that more than 50% of London firms said they have experienced a cyber-breach; however, cybercrime numbers and costs could be far higher due to widespread under-reporting of online fraud.
Despite the UK government’s designation of Action Fraud as the first point of contact for cybercrime victims, many businesses are not aware of the service’s existence. Minimizing the information required from companies and better promotion would help increase reporting rates for vital intelligence, LCCI noted.
A lack of awareness of cyber-threats and the high costs of protection remain significant barriers to firms implementing stronger security measures. Smaller firms, meanwhile, are becoming increasingly targeted by cyber-criminals as their systems are generally easier to access, and they provide an open door to larger companies via supply chains. And, LCCI pointed out that government initiatives to improve awareness and resilience, and to reduce the costs of security are welcome, but often use overly complex, technical language that renders them inaccessible to the average small to medium-sized enterprise (SME).
LCCI has called on the government to create a single ‘landing pad’ of cybersecurity resources aimed a business, making it simpler for companies to know where to go for advice. The Mayor of London can complement this resource for the capital’s firms through the proposed London Business Resilience Centre.
“The growing menace of cybercrime is costing business dear in financial, data and intellectual property loss,” said Colin Stanbridge, CEO of LCCI, in the report. “SMEs often have very limited resources that can allocate to cybersecurity, so the government and Mayor of London must be more targeted in their approach to reaching smaller firms with helpful information, and focus on providing easy-to-adopt online security solutions.”
He added, “Unless more is done to help smaller firms understand and put in place at least basic security measures, the reputation of London as a major global centre for business is vulnerable. The authorities need to work together to make the process of online protection simpler, quicker, easier and cheaper for the smaller firms, so the health of the economy and the reputation of the capital is not undermined.”
LCCI also said that the government should encourage ISPs and banks to use the cover of existing laws to release data that could result in faster and more decisive action taken against criminals. Some simple guidance to help firms navigate the civil or criminal legal system would also help.
“The advance of technology has shifted criminal activity from the street to the PC,” said Deputy Mayor of London for Policing and Crime, Stephen Greenhalgh. “The LCCI cybersecurity report paints a picture of a strong will from government and law enforcement to protect businesses, but a confused landscape in terms of fragmented initiatives and policy responses.”
He added, “This report should galvanize the effort and make this confusing landscape easier for the business owner to navigate, from the online SME to the multinational. MOPAC looks forward to working with LCCI to raise awareness and simplify the plethora of initiatives out there, particularly for SMEs, through single hubs like the London Business Crime Resilience Centre.”
City of London Police Commander Steve Head, who is also the Police National Coordinator for Economic Crime, also weighed in: “Cybercrime is estimated to be costing UK companies at least £21 billion a year, but the reality is this huge figure would be even higher if all businesses reported to authorities when they had fallen victim to an offense committed through the internet or via other emerging technologies.”
He concluded, “The past year has also seen a significant rise in crime disseminations to UK forces for investigation and a huge rise in the disruption of criminal enablers. But only by having the full picture of how cybercrime is targeting industry can law enforcement and government put in place the resources and measures required to combat what has quickly become a massive threat to the sustainability and profitability of companies operating up and down the land.”