British Chamber of Commerce reveals large firms most at risk from cybercrime, with many companies lacking even the most basic protection

Cybercriminals have attacked one in five British businesses in the past year, many of which lack even the most basic security measures to protect confidential information. A report by the British Chambers of Commerce (BCC) found that only 24% of businesses said they had security in place to guard against hacking, despite the rising danger of attacks and increasing publicity about the threat.

Larger companies, defined as those with at least 100 staff, were more susceptible to cyber-attacks, with 42% of big businesses falling victim to cybercrime, compared with 18% of small companies.

The survey of 1,200 businesses follows a series of high-profile attacks on company databases, including those at search engine Yahoo, telecoms firm TalkTalk and dating website Ashley Madison.

Last year Yahoo discovered that hackers had accessed email addresses, telephone numbers, dates of birth, passwords and, in some cases, encrypted or unencrypted security questions and answers from more than 1bn user accounts in August 2013, making it the largest such breach in history.

Adam Marshall, the BCC director-general, said: “Cyber-attacks risk companies’ finances, confidence and reputation, with victims reporting not only monetary losses, but costs from disruption to their business and productivity. While firms of all sizes, from major corporations to one-man operations, fall prey to attacks, our evidence shows that large companies are more likely to experience them.”

The survey found that most businesses were reliant on IT providers to resolve issues after an attack (63%), compared with 12% of banks and financial institutions and 2% of police and law enforcement agencies, which tend to have in-house expertise.

Marshall said: “Firms need to be mindful of the extension to data protection regulation coming into force next year, which will increase their responsibilities and requirements to protect personal data. Firms that don’t adopt the appropriate protections leave themselves open to tough penalties.”

TalkTalk was hit last year with a record £400,000 fine for security failings that led to the company being hacked in October 2015. The Information Commissioner’s Office levied the fine, saying that the attack “could have been prevented if TalkTalk had taken basic steps to protect customers’ information”.

Hackers accessed the personal information of more than 150,000 customers of the internet service provider, including sensitive financial data for more than 15,000 people.

Marshall added: “Companies are reporting a reliance on IT support providers to resolve cyber-attacks. More guidance from government and police about where and how to report attacks would provide businesses with a clear path to follow in the event of a cybersecurity breach and increase clarity around the response options available to victims, which would help minimise the occurrence of cybercrime,” he said.

