4 unexpected targets for cyber-attacks (and steps to protect against them)
Authored by NIG
At a Glance
- Insight into industries finding themselves increasingly vulnerable to cyber-attacks
- Practical guidance for businesses looking to be more cyber aware
- Sector specific tips for protecting against cyber threats
Small and medium-sized enterprises are increasingly vulnerable to cyber-attacks. But it can be easy to have the mindset that it’s an issue that affects other industries – until it happens to you. Unfortunately, it’s not just financial or office-based businesses which find themselves targeted. We look at four industries where cyber threats can have a huge impact, even if staff aren’t sat behind a computer on a daily basis.
More than half (54%) of UK SMEs experienced some form of cyber-attack in 2022, up from 39% in 2020.
Unexpected target 1: Estate agents
Estate agencies have vast levels of personal data at their fingertips, from customer bank details to National Insurance numbers and other private information required as part of property transactions. The industry is also increasingly reliant on tech yet tends to operate out of small local offices which can lack the appropriate security infrastructure.
Buying and selling a home is one of the most stressful times in people’s lives – add in a data breach or delays to the process as systems are down, and estate agents are putting valuable customer trust and their reputations at risk.
Cyber tip - Proper data storage and disposal processes are essential.
Unexpected target 2: Shops
With the rise of online shopping, even from smaller retailers, it’s no wonder shops are a common target for cyber criminals. Research from Zynstra shows that 16% of retailers suffer an attempted or successful cyber-attack every day. Examples of the types of cyber attacks retailers face are hugely varied, from websites being taken down to payment devices being skimmed and customer data compromised.
Today, customers expect a seamless retail experience whether in store or online, and any disruption to this, whether it’s not being able to place an order or being forced to pay with cash rather than card as payment machines have been taken down (as very publicly happened to The Works in 2022) can have a catastrophic impact on reputation.
Cyber tip - Having a clear Incident Response Plan can ensure recovery from any attacks is as swift and seamless as possible.
Unexpected target 3: Manufacturers
As the manufacturing industry increases reliance on technology such as AI to automate processes it becomes more vulnerable to cyber-attacks. In fact, Dragos’ 2022 report shows that ransomware attacks on industrial infrastructure organisations doubled. As the heart of the UK’s industry, disruption to manufacturing organisations can have a real knock-on effect, causing stock shortages and damaging the reputations of much bigger companies who rely on them to keep their supply chain going.
Cyber tip - Don’t neglect software updates. Patching and installing updates helps to keep your devices protected, especially from new types of attack.
Unexpected target 4: Hotels
Hotels, and other hospitality-based businesses, hold huge amounts of personal data which makes them an ideal target for cyber criminals. The nature of hotels’ business means there are various ways threats can impact them, from hackers targeting websites where customers’ personal data is stored to Denial-of-Service attacks on room management and booking systems and ‘skimming’ customer information from Point-of-Sale devices.
Free Wi-Fi may now be a standard expectation in hotels, but it can lead to vulnerabilities if it’s not appropriately configured, providing an entry point for cyber threats to attack guests. Huge chains such as the Marriott group have been fined significant sums for data breaches in recent years, but smaller, independent hotels can also be affected.
Despite this, research shows that the food and hospitality sector spends significantly less on cyber security than other industries – £1,080 a year on average according to the government’s 2019 Cyber Security Breaches Survey. This compared to £15,400 a year for information and communications companies, £7,730 for the transport and storage sector and £3,750 for the construction industry. The most recent survey for 2023 showed that hospitality businesses still place less emphasis on cyber security than other sectors, with only 58% saying it is a high priority, compared to 71% of businesses overall.
Cyber tip - With the sheer number of vulnerabilities within hotels, staff cyber training is essential.
While there are a number of actions businesses across all industries can take to protect themselves against cyber-attacks, it still pays to have protection in case the worst happens.
Speak to your usual NIG contact about our standalone cyber cover or how to add protection to a policy.
About NIG
We’ve been experts in commercial insurance for 125 years.
The National Insurance and Guarantee Corporation (NIG) is a broker only insurer; we believe in getting to know both the brokers we work with and their clients’ businesses, building trusted partnerships that last for the long-term. Our highly experienced underwriting team are focused on working with brokers to identify and understand the risks faced by UK enterprises. Together, with our risk control experts and risk management tools we develop solutions to help UK enterprises reduce and mitigate key exposures. We offer a wide range of products with flexibility to create tailored insurance cover and when clients need us, claims are dealt with quickly and fairly through a proactive claims approach.
Our trading model has been designed to reflect the differing requirements of how brokers like to trade, with regional offices, National Trading Centre, National Schemes Centre, eTrade Centre of Excellence and dedicated experts for specialist sectors.
We’re investing in new technology to make us even easier to trade with. We’re launching an online risk management resource supported by our in-house Risk Control Team and introduced online claims submissions to speed up the claims process, minimising disruption to clients’ businesses. We are also the only insurer two years running with a five-star rating for both TheHub and Software Houses, in the Insurance Times 2019 and 2020 eTrade survey.
We are dedicated to making UK enterprises more resilient.
NIG is a wholly owned subsidiary of Direct Line Insurance Group plc, providing stability and financial strength. Our policies are underwritten by U K Insurance Limited.