KCOM research shows businesses in "war" against cybercriminals

Hull’s businesses are in a “war zone” against cybercriminals according to the man charged with catching online scammers.

Detective Sergeant Steve Dennison, of Humberside Police’s Cybercrime Investigation Team, has urged business owners to report incidents amid fears cybercrime is going under-reported in the region as a new survey reveals that one in four of the region’s businesses has suffered a cyberattack.

Speaking at the first in a new series of KCOM Business Boost events DS Dennison said without vital information from victims, law enforcement agencies would struggle to bring the offenders to justice.

He said: “A quarter of businesses in this region have suffered from cyberattacks – and those are the ones we are aware of.

“That’s a staggering statistic. It’s another fact that 59 per cent of businesses don’t report attacks to the police.

“That means law enforcement and intelligence services don’t have a full picture of the attacks that are happening, the nature of those attacks and where they come from. To report it gives us the picture that allows us to coordinate activity across the globe with our partners such as the National Crime Agency, Europol and Interpol.”

Also speaking at the event was Dr Dionysios Demetis, lecturer in management systems at the University of Hull Business School, who unveiled the results of a KCOM-backed Cyber Security survey of Hull and East Riding’s business community.

The survey, which questioned hundreds of businesses from different sectors across the region, revealed 27.3 per cent said they had suffered a cyberattack.

Other findings included that 59 per cent of victims didn’t report the cyberattack to police.

Also, of those business questioned, 58 per cent said they relied heavily on IT while 72.3 percent believed they would suffer major repercussions from a cyberattack.

Dr Demetis said he wasn’t surprised by the scale of cyberattacks on local businesses but believed known crimes were only the tip of the iceberg.

He said: “Because the nature of cybercrime has shifted and cyber-attacks are indiscriminate the risks are there for every business that relies on computers.

“The results that we have from the cybersecurity research in Hull and East Yorkshire raise further concerns. For example, only 40 per cent of businesses train their members of staff periodically on cybersecurity.

“This harbours dangers for businesses because many attacks, such as phishing, will bypass security filters so staff members are a key line of defence.

“Our results for the region indicate lack of top-management engagement with cybersecurity and only 44 per cent of companies seem to have a clear cyber-security strategy in place. This is also another major problem.

“If training and top-management involvement improved in the region it would be a major start.”

Dr Dionysis said he believes the region was in danger to falling victim to a “mountain of indifference” as company bosses adopted an “It’ll never happen to me” approach to cybercrime.

He said: “While the percentage of businesses that have suffered a cyberattack is lower than the national statistic (46 per cent), the concern is that we have a very large ‘grey area’ - we could have a large percentage of cyberattacks that have been undetected, the financial consequences of which will take time to unfold.

“In some cases, when businesses realise that they have been attacked, it is too late. They have lost intellectual property that has been used against them in various ways.

“This is perhaps the irony from the analysis of the findings and where we find an imbalance. The behavioural characteristics indicate that cybersecurity is indeed taken very seriously.

“In fact, when we asked participants “What level of impact would a cyberattack have on your business?”, 75 per cent responded that it would have a significant and very significant impact.

“However, this does not actually translate into specific actions that would allow us to say that businesses are taking the threat seriously enough. This is a business rationale that generally thinks that ‘we are not going to be the victims of a cyberattack’ or they would think it is unlikely. “

• Businesses who think they have been the victims of cybercrime are urged to contact Actionfraud or by calling 0300 123 2040

Survey headlines 

• 231 business people from our region took part in the research carried out in partnership by KCOM, the University of Hull and Humberside Police
• Nearly half all respondents were top management
• Respondents came from all sectors with the top four being: business services, retail, education and manufacturing
• 27.3 per cent say their business has suffered a cyber attack
• Phishing (38 per cent), malware (30 per cent) and ransomware (19 per cent) are the most common form of cyber attack
• More than half of attacks (59 per cent) were never reported to the authorities
• 58 per cent of businesses say they rely heavily on IT and connectivity
• 72.3 per cent say they would suffer major repercussions from a cyber attack
• Only 44 per cent of companies seem to have a clear cyber-security strategy in place
• Only 40 per cent of businesses train their members of staff periodically on cybersecurity