Business guides listing
Keep your business cyber secure

Keep your business cyber secure
Cyber attacks are on the rise and pose an increasing threat to businesses. Find out about common types of cyber attack, how to keep your business secure and why cyber security should be a key priority at the heart of your business.
Common types of cyber attack
Cyber attacks and cybercrime are on the rise and they pose an increasing threat to businesses. There are many different forms of cyber attack. Here are just a few of the more common types:
- Phishing: fraudulent communication (often email) that looks like it's come from a reputable source
- Malware: malicious software such as spyware, viruses and ransomware - often activated when users click on links or open email attachments
- Denial-of-service attack: systems, networks and servers are flooded with traffic and can stop working
- Social engineering: users are tricked into clicking on malicious links or deception is used to physically gain access to a device
- Man-in-the-middle: attackers interrupt the data moving between your device and the network you're using (such as unsecured public Wi-Fi) to steal your information
Criminals are also taking advantage of the rise of work-from-home, targeting remote staff with fraudulent emails, phone calls, texts, messages or social media posts.
Six reasons why cyber security matters
The financial impact on businesses affected by cybercrime rose nearly six-fold last year. The average cost of an attack is now estimated to be around £44,000.
Source: Cyber Readiness Report, Hiscox, 2020
But the damage can be wide ranging and more than just financial. Many businesses who have been hacked or experience cybercrime report that it caused damage to their brand, stopped them winning new business, or lost them clients. And in many cases, it had a significant impact on their ability to operate.
And it's not just companies working in the digital sector who are at risk of a cyber breach. Companies from across different industries and sectors are targeted by cyber criminals on a daily basis for their intellectual property, customer data or for financial gain.
The reality is that small companies are often seen as soft targets compared to larger organisations who can employ teams of people and expensive systems.
Businesses are still seeing significantly increased levels of home working. Company devices, such as laptops, are now often sitting outside corporate networks and may not benefit from corporate security technology such as firewalls, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
Also, some companies are now relying on cloud services without understanding the security arrangements for the services they're using.
It's important to understand your 'risk appetite' for cyber security. You should think about the amount and type of risk that your company is willing to take. You'll also need to think about how much you're willing to invest or spend to manage the risk.
As public awareness of cyber security is growing, more and more of your customers are taking cyber security seriously, so it's important to show customers that you take their information seriously.
If you’re bidding for contracts, you need to focus on cyber security.
The Scottish Government has launched public and private sector action plans on cyber security. Both include actions that mean from now on, being able to demonstrate Cyber Essentials will be increasingly necessary when bidding for contracts.
This reflects a general shift towards a focus on cyber security in the procurement process. In a KPMG survey:
- 94% of procurement managers said cyber standards are important when awarding a contract for an SME
- 86% said they would consider removing a supplier from their roster due to a cyber security breach
Source: Small Business Reputation and the Cyber Risk, KPMG, 2016
The amount of time leaders spend worrying about cyber security is increasing:
- Three quarters of UK businesses have said cyber is a high priority for senior management
- Three fifths have sought information, advice or guidance on cyber security
- Nearly 70% spent money on cyber security
Source: DCMS Cybersecurity Breaches Survey 2017
Protect your customers, protect your business
£44,000 estimated average cost of a cyber attack, but the damage can be far-reaching and more than financial
39% of companies were affected by a cyber attack in 2020
£1.3 billion total cyber losses among affected companies in 2020
Cyber Readiness Report, Hiscox, 2020
Protect your business
Prevention is cost-effective and being resilient is an opportunity to create value and differentiate your business from your competitors. Make cyber security a key priority at the heart of your business - it shouldn’t just be left to your IT department.
Attacks often succeed because many businesses are missing basic defences and security policies, such as patching, anti malware software, using strong passwords and network security. Having regular penetration tests (a simulated cyber attack) are also important and can help you find vulnerabilities in your networks and applications.
Cyber Essentials certification is a good and achievable starting point for most businesses to begin their journey towards cyber resilience.

Cyber Essentials certification
Cyber Essentials certification is increasingly recognised as a cost-effective way for organisations to protect themselves against cyber attack.
Cyber Essentials is a UK Government backed certification, run by the National Cyber Security Centre (NCSC). It's a relatively simple way to make sure you have controls in place against the most common types of cyber threats.
And importantly, it allows you to publicly demonstrate your commitment to cyber security.

Sources of help and advice

Business Gateway Cyber Resilience toolkit
Find Business Gateway's guidance and support on the cyber landscape and the steps you can take to become cyber resilient.

Digital development loans
If you want to improve your digital capabilities and processes in areas such as cyber security, data analytics, software engineering and digital skills development, the Scottish Government provides interest free loans to help.

Digital Health Check
Business Gateway's DigitalBoost provides online guidance, workshops, digital health checks and one-to-one digital support.

Scottish Business Resilience Centre
Free advice, support and resources to help you build confidence, understand your threats and vulnerabilities, and secure your business environment.

SBC mentoring
Scottish Business Cares (SBC) offers a one-to-one mentoring service for businesses who need support to overcome challenges brought on by Covid-19.