How much could cybercrime cost your business?

9 July 2016


Have you got a spare £4m in your business account? Not many do, but that’s how much UK-based SMEs will spend repairing the damage caused by cybercrime in just one year.

Realizing that they’ve been the victim of a cyber attack can be one of the most stressful times in the lifecycle of an SME.

What most people don’t know is that there’s more than just one type of cyber attack. Everyone has heard of phishing and viruses, but what happens when they’re confronted with a Distributed Denial of Service (DDoS) attack? Anti-virus protection is essential but doesn’t protect against everything, as a lot of people are led to believe.

“Many SMEs take a blasé approach towards cyber security and mistakenly don’t see themselves as targets of cyber criminals,” said George Scott, director of Cyber Security for KPMG in Scotland.

Forewarned is forearmed, so we’ve put together a breakdown of the different types of cyber attacks and their combined cost. Presenting the Seven Deadly styles of cyber attacks*:

Malicious code and malware

Potential cost to your business: £1 million*

Malicious code and malware have been specifically designed to corrupt computer code and web script. This allows cyber criminals to sneak in through backdoors in the system and leads to security breaches, damage to files and data theft.

Malware is an auto-executable application, meaning it can turn itself on without a hacker remotely controlling it. After the vulnerability has been created, cyber criminals can install spyware, and wipe and harvest data.

Distributed Denial of Service (DDoS)

Potential cost to your business: £960,000*

DDoS attacks are a targeted attack against your website and servers. The aim is to overwhelm your digital real estate, slowing it down to the point where it’s unusable, or it goes down completely.

Junk web traffic is directed to a specific target from hundreds or even thousands of sources. It’s nearly impossible to distinguish between real traffic and fake traffic and simply not feasible to block every IP that participates.

Web-based attacks

Potential cost to your business: £640,000*

Web-based attacks install code into your visitors’ browser when they first land on your site. This code can do anything from prompting the user to install something to redirecting them to another site, likely full of adverts and spyware.

This type of attack is so damaging because it can be impossible for customers to access your site, meaning traffic and sales will drop, along with trust in your brand.

Stolen devices

Potential cost to your business: £530,000*

It’s almost guaranteed that you or an employee will accidentally leave a laptop on the train or a phone in a taxi at some point. Your data could end up in the hands of cyber criminals without them even needing to hack your network.

In its survey ‘Mobile devices: Secure or Security Risk’, Deloitte were able to recover an astonishing amount of data from locked mobile phones. Over 50% of the four-character PINs were cracked by software tools in less than 30 minutes.

Of these, 90% identified their owners’ email addresses, 75% provided enough information to identify the owner, and a further 75% revealed all of the stored contacts. The results were only 5-15% lower for factory-wiped phones.

Phishing and social engineering

Potential cost to your business: £360,000*

Phishing and scams have become a lot more sophisticated than the infamous Nigerian prince emails. Instead, you can expect sophisticated scams that come disguised as legitimate requests for information.

They now look like pop-ups that falsely inform you about viruses on your machine so you’ll download spyware that masquerades as anti-virus, or as fake emails from your bank encouraging you to log in – so they can harvest your details.

It only takes one employee to fall for a scam and your entire company network could be compromised.

Malicious insiders

Potential cost to your business: £360,000*

Unfortunately, there’s no technological defense against these individuals. Malicious insiders are employees who deliberately leak sensitive information, be it for profit or malicious reasons.


Botnets

Potential cost to your business: £160,000*

Botnets are like a zombie army. Imagine if every machine on your network was infected with malware and under the control of cyber criminals – all without your knowledge. These zombie computers are used to carry out cybercrimes such as sending spam emails, launching DDoS attacks and distributing viruses. It’s a reality that affects SMEs all over the world and can be incredibly destructive.

*All figures from Ponemon Institute, 2015 Cost of Cyber Crime Study

