Guide

Cyber security for business

Reasons behind cyber attacks

Every business, regardless of its size, is a potential target of cyber attack. That is because every business has key assets criminals may seek to exploit. Sometimes that is money or financial information. At other times, it may be personal information of staff and customers, or even the business' infrastructure.

By recognising the common motives behind cyber attacks, you can build a better understanding of the risks you may face, and find out how best to confront them.

Why do cyber attacks happen?

Most often, cyber attacks happen because criminals want your:

  • business' financial details
  • customers' financial details (eg credit card data)
  • sensitive personal data
  • customers' or staff email addresses and login credentials
  • customer databases
  • clients lists
  • IT infrastructure
  • IT services (eg the ability to accept online payments)
  • intellectual property (eg trade secrets or product designs)

Cyber attacks against businesses are often deliberate and motivated by financial gain. However, other motivations may include:

  • making a social or political point - eg through hactivism
  • espionage - eg spying on competitors for unfair advantage
  • intellectual challenge - eg 'white hat' hacking

See the latest cyber threat alerts from the National Cyber Security Centre.

Key point to note is that cyber security threats don't always come from anonymous hackers or online criminal groups. Vulnerabilities can arise within your own business too.

Types of cyber attackers: insiders and outsiders

Cyber attackers broadly fall under two categories: those that pose threats to your business from the outside of your organisation, and those that present risks from the inside.

Insiders
Anyone with physical or remote access to your organisation's assets can open you up to cyber risk. For example:

  • trusted employees accidentally misplacing information
  • careless employees remiss of policies and procedures
  • disgruntled employees or ex-employees intent on damaging your business
  • malicious insiders with legitimate access to critical systems and information

Business partners, clients, suppliers and contractors with access to your business-critical assets can also present risk. See more on insider threats in cyber security.

Outsiders
External cyber security threats can come from a variety of sources, including:

  • organised criminals or criminal groups
  • professional hackers - whether malicious or not
  • amateur hackers - sometimes known as 'script kiddies'

In order to manage cyber risk, regardless of its source, you should fully understand the range of motivations behind possible attacks. You should also know where and how to report a cyber crime, if it does happen to your business.

Why is cyber security important?

Cyber crime can potentially seriously disrupt and damage your business. As well as commercial losses and compromised reputation, attacks can expose your business to:

  • regulatory action or negligence claims
  • inability to meet contractual obligations
  • loss of trust among customers and suppliers

Read more about the potential impact of cyber attack on your business.