- Insight into industries finding themselves increasingly vulnerable to cyber-attacks
- Practical guidance for businesses looking to be more cyber aware
- Sector specific tips for protecting against cyber threats
Small and medium-sized enterprises are increasingly vulnerable to cyber-attacks. But it can be easy to have the mindset that it’s an issue that affects other industries – until it happens to you. Unfortunately, it’s not just financial or office-based businesses which find themselves targeted. We look at four industries where cyber threats can have a huge impact, even if staff aren’t sat behind a computer on a daily basis.
Unexpected target 1: Estate agents
Estate agencies have vast levels of personal data at their fingertips, from customer bank details to National Insurance numbers and other private information required as part of property transactions. The industry is also increasingly reliant on tech yet tends to operate out of small local offices which can lack the appropriate security infrastructure.
Buying and selling a home is one of the most stressful times in people’s lives – add in a data breach or delays to the process as systems are down, and estate agents are putting valuable customer trust and their reputations at risk.
Proper data storage and disposal processes are essential.
Unexpected target 2: Shops
With the rise of online shopping, even from smaller retailers, it’s no wonder shops are a common target for cyber criminals. Research from Zynstra shows that 16% of retailers suffer an attempted or successful cyber-attack every day. Examples of the types of cyber attacks retailers face are hugely varied, from websites being taken down to payment devices being skimmed and customer data compromised.
Today, customers expect a seamless retail experience whether in store or online, and any disruption to this, whether it’s not being able to place an order or being forced to pay with cash rather than card as payment machines have been taken down (as very publicly happened to The Works in 2022) can have a catastrophic impact on reputation.
Having a clear Incident Response Plan can ensure recovery from any attacks is as swift and seamless as possible.
Unexpected target 3: Manufacturers
As the manufacturing industry increases reliance on technology such as AI to automate processes it becomes more vulnerable to cyber-attacks. In fact, Dragos’ 2022 report shows that ransomware attacks on industrial infrastructure organisations doubled. As the heart of the UK’s industry, disruption to manufacturing organisations can have a real knock-on effect, causing stock shortages and damaging the reputations of much bigger companies who rely on them to keep their supply chain going.
Don’t neglect software updates. Patching and installing updates helps to keep your devices protected, especially from new types of attack.
Unexpected target 4: Hotels
Hotels, and other hospitality-based businesses, hold huge amounts of personal data which makes them an ideal target for cyber criminals. The nature of hotels’ business means there are various ways threats can impact them, from hackers targeting websites where customers’ personal data is stored to Denial-of-Service attacks on room management and booking systems and ‘skimming’ customer information from Point-of-Sale devices.
Free Wi-Fi may now be a standard expectation in hotels, but it can lead to vulnerabilities if it’s not appropriately configured, providing an entry point for cyber threats to attack guests. Huge chains such as the Marriott group have been fined significant sums for data breaches in recent years, but smaller, independent hotels can also be affected.
Despite this, research shows that the food and hospitality sector spends significantly less on cyber security than other industries*2 – £1,080 a year on average according to the government’s 2019 Cyber Security Breaches Survey. This compared to £15,400 a year for information and communications companies, £7,730 for the transport and storage sector and £3,750 for the construction industry. The most recent survey for 2023 showed that hospitality businesses still place less emphasis on cyber security than other sectors, with only 58% saying it is a high priority, compared to 71% of businesses overall.*3
With the sheer number of vulnerabilities within hotels, staff cyber training is essential.
While there are a number of actions businesses across all industries can take to protect themselves against cyber-attacks, it still pays to have protection in case the worst happens.
Speak to your usual NIG contact about our standalone cyber cover or how to add protection to a policy.
- Cyber security breaches survey 2023 – GOV.UK (www.gov.uk)