How might a data breach impact your business?
With the scope of personally identifiable data widening since the introduction of GDPR, larger fines and the addition of compensation for non-material damage all businesses, big or small, need to understand the risks associated with a data breach.
Learn More
What are the causes of a data breach?
The most widely known cause of a data breach are external attacks from hackers and while they do account for the majority of causes, accidental breaches account for 1/4 of reported breaches. If one of your suppliers is breached this can also directly or indirectly impact you as it may give them access to your data or credentials that can be used to access your systems.
Common threats
As we produce and store more and more data every day, it has become harder for businesses to protect and manage.
External threats
Spear phishing
A more sophisticated version of phishing that attempts to gain private information by impersonating a legitimate service you use often combined with publicly available data.
Malware attacks
Despite advances in anti-virus software, malware is still prevalent and has affected a third of all businesses.
Exposed passwords
If your data has been breached, hackers may attempt to use your credentials to access other services, like cloud computing, to gain access to your data.
Internal threats
Lost hardware
USB drives, laptops, mobile phones all pose a serious risk as they may contain PII data or allow access to your systems.
Wrong recipient
Sending an email attachment to wrong person can be a costly mistake but not all breaches are digital, with client letters being sent to the wrong recipient also common.
Open access
A recent investigation found that many companies were inadvertently sharing confidential data because they had made their cloud documents public.
How is my industry targeted?
Select your industry to see what types of hackers use to target businesses in your industry.
49%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
37%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
29%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
10%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
5%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
4%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
3%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
3%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
3%
Identity theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
2%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
55%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
41%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
34%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
10%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
4%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
7%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
6%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
5%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
3%
Identify theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
2%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
45%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
41%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
20%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
9%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
1%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
1%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
1%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
5%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
3%
Identity theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
1%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
47%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
32%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
22%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
21%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
4%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
2%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
2%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
4%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
3%
Identity theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
1%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
52%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
43%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
28%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
14%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
4%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
0%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
3%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
5%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
0%
Identity theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
3%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
38%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
28%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
24%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
16%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
4%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
2%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
0%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
2%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
2%
Identity theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
2%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
38%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
28%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
28%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
4%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
13%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
7%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
7%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
6%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
4%
Identity theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
3%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
43%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
44%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
35%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
4%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
5%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
0%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
0%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
0%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
0%
Identity theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
0%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
57%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
43%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
38%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
4%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
3%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
1%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
2%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
1%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
2%
Identity theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
1%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
51%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
41%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
33%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
10%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
10%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
10%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
0%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
4%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
7%
Identity theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
4%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
66%
Phishing
Phishing uses link manipulation in emails and website spoofing to trick users into thinking that a spoofed website is genuine to gain their personal and financial details.
51%
Spear phishing
Spear phishing uses social engineering to send more sophisticated messages which contain information directly related to the victim.
21%
Malware attack
Viruses, worms, trojan horses and spyware are all forms of malware which infect computers in order to delete or obtain protected data.
8%
Card not present fraud
Comprised financial data can be used by hackers to make fraudulent payments online or over the phone where the PIN isn’t required.
3%
Denial of service attack
DDoS is a type of attack that bombards the targeted server with vast volumes of information requests crashing the target website.
3%
Ransomware attack
Ransomware infects a computer, making it inaccessible with the intention of extorting money from its owner in order to regain access.
11%
Online IP
The open nature of the internet has made it difficult to manage and police IP infringement and piracy as well as code cloning.
0%
Online invoice fraud
Another variant of phishing, where attackers impersonate companies sending cloned invoices often marked as urgent to intercept payments.
7%
Identity theft of business owners
Victims of cyber-attacks where personal details have been stolen are often used to conduct fraudulent activity in their name online.
0%
Website cloning
Hackers often imitate other websites, copying the design and content to mislead users into entering their personal and financial details.
Source: FSB UK - Cyber Resilience Report
How cyber-attacks can impact a business
While cyber-attacks and data breaches may have a direct financial impact on the business in the form of fines or compensation they also cause mass disruption and long-term costs which are harder to define. The calculator below only takes into consideration costs related to cyber-attacks, to calculate the potential costs of a data breach scroll to the bottom of the page.
What are the average costs of a cyber-attack?
Select your number of employees
Cost Breakdown
Direct Costs
£13,800
This includes costs from staff being prevented from carrying out their work; lost, damaged or stolen outputs, data, or assets; and lost revenue if customers could not access online services.
Recovery Costs
£4,800
This includes additional staff time needed to deal with the breach or to inform customers or stakeholders; costs to repair equipment or infrastructure; and any other associated repair costs.
Long Term Costs
£2,800
This includes the loss of share value; loss of investors or funding; long-term loss of customers; costs from handling customer complaints; and any compensation, fines or legal costs pre-GDPR.
Source: Cyber Security Breaches Survey 2018
How can you reduce the risk of a data breach?
With the scope of personally identifiable data widening since the introduction of GDPR, larger fines and the addition of compensation for non-material damage all businesses, big or small, need to understand the risks associated with a data breach.
Prevent
The first step any business should take is to reduce the risk of a data breach is by implementing some basic cybersecurity, putting in place strict data management controls and educating your staff on spotting risks.
Learn MorePrepare
Despite their frequency and commonality, very few (13%) of business have a cybersecurity incident1 management process in place and with just 72 hours to report a data breach, once discovered, to the ICO being prepared is vital for any business.
Learn MoreProtect
No cybersecurity software can guarantee the prevention of a cyber-attack and won’t stop an accidental breach or consequential one. Cyber and data liability insurance are there for when the worst happens might be something you’d want to consider.
Learn MoreWhat next?
Find out more about how cyber insurance can help if a data breaches occurs or get a personalised cyber risk report.
Cyber Calculator
Use our cyber calculator to see how much a data breach could cost your business
Calculate my risk
Cyber Insurance Hub
For further information on the issues covered above, please contact Aon on 0333 4553 159
Learn more