How to report a cyber crime
Different types of cyber crime
Understand the common ways cyber criminals may attack your business, how cyber attacks work and how they might affect you.
Cyber attacks can take many forms: from malware injection and phishing to hacking and ransomware. Some types of attacks are more effective than others, but all present a significant - and increasingly unavoidable - business risk.
In order to counteract that risk, it helps to understand the different cyber threats you may face and the various ways criminals might try to cause harm to your business.
Common cyber security threats
Most likely cyber security threats your business may be exposed to include:
- cyber fraud - including phishing, spear phishing, vishing and whaling
- malware attacks - including viruses, worms, trojans, spyware, rootkits, etc
- ransomware attacks
- drive-by downloads
- hacking - including distributed denial-of-service attacks (DDoS), keylogging, etc
- password decryption
- out-of-date, unpatched software
Attackers can use multiple routes, including web, email and malicious files, to exploit different vulnerabilities in your business systems, networks or processes.
Human error
Not all security breaches are the result of hacks or malicious action. Many are due to human error. For example, a member of staff may inadvertently send information to the wrong recipient, lose paperwork or fail to redact personal data.
What is a cyber attack?
A cyber attack is a malicious attempt by a third party to damage, destroy or alter:
- computer networks
- computer information systems
- computer or network infrastructure
- personal computer devices
There are many reasons behind cyber attacks. Criminals may wish to steal money, access financial and sensitive data, weaken integrity or disrupt the operations of a company or an individual. Attacks often result in crimes such as financial fraud, information or identity theft.
Examples of cyber attacks
Cyber attackers use many different methods to try to compromise IT systems. The most common practices are:
- remote attacks on IT systems or website
- unauthorised access to information held on a corporate network or systems
- unauthorised access to data held in third-party systems (eg hosted services)
- system infiltration or damage through malware
- disruption or denial of service that limits access to your network or systems
Attacks can be:
- targeted - where you are singled out because of specific interest in your business or the attacker has been paid to target you
- un-targeted - where attackers indiscriminately target as many devices, services or users as possible
Read the National Cyber Security Centre's guidance to find out how cyber attacks work.
Can you avoid cyber attack?
Many attacks can be prevented by following the steps recommended in the UK government's Cyber Essentials scheme.
You can also use the NCSC's free Check your cyber security service to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.
The NCSC also offer a free Cyber Action Plan. By answering a few simple questions, you can get a free personalised action plan that lists what you or your organisation can do right now to protect against cyber attack.
Keep in mind that, however stringent your safety measures are, not all cyber attacks can be avoided. If you do experience an attack, see how to report a cyber crime.
ActionsAlso on this siteContent category
Source URL
/content/different-types-cyber-crime
Links
Reasons behind cyber attacks
Find out why cyber criminals target businesses and what assets (financial or otherwise) may be at risk from attacks.
Every business, regardless of its size, is a potential target of cyber attack. That is because every business has key assets (financial or otherwise) that criminals may seek to exploit. By recognising the common motives behind cyber attacks, you can build a better understanding of the risks you may face, and understand how best to confront them.
Why do cyber attacks happen?
Most often, cyber attacks happen because criminals want your:
- business' financial details
- customers' financial details (eg credit card data)
- sensitive personal data
- customers' or staff email addresses and login credentials
- customer databases
- clients lists
- IT infrastructure
- IT services (eg the ability to accept online payments)
- intellectual property (eg trade secrets or product designs)
Cyber attacks against businesses are often deliberate and motivated by financial gain. However, other motivations may include:
- making a social or political point - eg through hacktivism
- espionage - eg spying on competitors for unfair advantage
- intellectual challenge - eg 'white hat' hacking
The key point is that cyber security threats don't always come from anonymous hackers or online criminal groups. Vulnerabilities can arise within your own business too.
Types of cyber attackers: insiders and outsiders
Cyber attackers broadly fall under two categories: those that pose threats to your business from the outside of your organisation, and those that present risks from the inside.
Insiders
Anyone with physical or remote access to your organisation's assets can expose you to cyber risk. For example:
- trusted employees accidentally misplacing information
- careless employees remiss of policies and procedures
- disgruntled employees or ex-employees intent on damaging your business
- malicious insiders with legitimate access to critical systems and information
Business partners, clients, suppliers and contractors with access to your business-critical assets can present insider threats to cyber security.
Outsiders
External cyber security threats can come from a variety of sources, including:
- organised criminals or criminal groups
- professional hackers - whether malicious or not
- amateur hackers - sometimes known as 'script kiddies'
To manage cyber risk, regardless of its source, you should fully understand the range of motivations behind possible attacks. You should also know where and how to report a cyber crime, if it does happen to your business.
Why is cyber security important?
Cyber crime can potentially seriously disrupt and damage your business. As well as commercial losses and compromised reputation, attacks can expose your business to:
- regulatory action or negligence claims
- inability to meet contractual obligations
- loss of trust among customers and suppliers
Read more about the potential impact of cyber attack on your business.
To stay informed and up-to-date with potential threats to your business, keep an eye on the latest cyber threat alerts from the National Cyber Security Centre (NCSC). You can also register for the NCSC's free Early Warning Service, designed to inform your organisation of potential cyber attacks on your network as soon as possible.
ActionsAlso on this siteContent category
Source URL
/content/reasons-behind-cyber-attacks
Links
Impact of cyber attack on your business
Understand the impact of cyber attacks on businesses and their finances, reputation and consumer confidence.
A successful cyber attack can cause major damage to your business. It can affect your bottom line, as well as your business' standing and consumer trust. The impact of a security breach can be broadly divided into three categories: financial, reputational and legal.
Economic cost of cyber attack
Cyber attacks often result in a substantial financial loss arising from:
- theft of corporate information
- theft of financial information (eg bank details or payment card details)
- theft of money
- disruption to trading (eg inability to carry out transactions online)
- loss of business or contract
In dealing with the breach, businesses will also generally incur costs associated with repairing affected systems, networks and devices.
Cyber Security Breaches Survey 2023
The latest UK government survey showed that 32% of businesses and 24% of charities overall recall any breaches or attacks from the last 12 months. This is much higher for medium businesses (59%), large businesses (69%) and high-income charities with £500,000 or more in annual income (56%).
Among those identifying any breaches or attacks, the government estimates that the single most disruptive breach from the last 12 months cost each business, of any size, an average of approximately £1,100. For medium and large businesses, this was approximately £4,960. For charities, it was approximately £530.
Reputational damage
Trust is an essential element of a customer relationship. Cyber attacks can damage your business' reputation and erode the trust your customers have for you. This, in turn, could potentially lead to:
- loss of customers
- loss of sales
- reduction in profits
The effect of reputational damage can even impact on your suppliers, or affect relationships you may have with partners, investors and other third parties vested in your business.
Legal consequences of a cyber breach
Data protection and privacy laws require you to manage the security of all personal data you hold - whether on your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions.
How to minimise the impact of cyber attacks on businesses
Security breaches can devastate even the most resilient of businesses. It is extremely important to manage the risks accordingly.
You can use the National Cyber Security Centre's (NCSC) free Check your cyber security service to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.
The NCSC also offer a free Cyber Action Plan. By answering a few simple questions, you can get a free personalised action plan that lists what you or your organisation can do right now to protect against cyber attack.
After an attack happens, an effective cyber security incident response plan can help you:
- reduce the impact of the attack
- report the incident to the relevant authority - see how to report a cyber crime
- clean up the affected systems
- get your business up and running in the shortest time possible
It can help to invest in user training, education and awareness in your organisation on an ongoing basis.
ActionsAlso on this siteContent category
Source URL
/content/impact-cyber-attack-your-business
Links
Cyber security risk management
How to manage cyber security risks to your business, create security policies and practices, and use cyber insurance.
Cyber security is the practice of protecting your computer systems and networks from attacks. It relies on different methods to reduce the risks of attacks, and protect organisations from unauthorised exploitation of their computer systems.
Managing risks is a critical component of your business' cyber security. If your systems, networks and devices are vulnerable, the services and operations of your business, and even your customers, may be at risk.
What is cyber risk?
Cyber risk refers to any risk of financial loss, disruption or damage to your business that potentially results from:
- your online activity
- online trading
- failure of your IT systems and networks (regardless of the cause)
- storage of personal data on IT systems and networks
Cyber risk can affect any organisation that relies on digital networks, technology or information. See what is IT risk.
Cyber risk assessment
Cyber risk assessment involves the identification, analysis and evaluation of cyber risks. As part of the assessment, you should look at your entire IT infrastructure and try to identify possible threats arising from:
- people, processes and technologies
- vulnerabilities within your systems
You should also look at threats posed by the different types of cyber security attacks.
How to assess cyber risk?
When assessing cyber risks, it is often useful to focus on the most serious threats based on the likelihood and the cost/impact of them occurring. This is a common IT risk assessment methodology.
The National Cyber Security Centre (NCSC) offers a free online tool called 'Exercise in a Box' which can help you understand how resilient you are to cyber attacks and practise your response in a safe environment.
You can also use the NCSC's free Check your cyber security service to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.
Cyber risk management
Cyber risk management consists of several key processes, including:
- risk analysis - understand the specific threats to your business
- risk strategy - determine the processes and controls your business needs
- implementation of risk solutions - deploy the necessary cyber security measures
- risk training - educate staff about their role in managing cyber risks
- monitoring - review and test the effectiveness of your security measures
- risk transfer - consider insuring against cyber risks and plan for contingency
Following these established IT risk management processes will help you build resilience and the ability to prevent, detect and respond to cyber threats in a way that minimises business disruption and financial loss.
What is cyber risk insurance?
Cyber security insurance (and cyber liability insurance) can help your business further mitigate risk exposure by offsetting some of the costs involved in cyber incident recovery. These may be expenses related to:
- the management of a cyber incident
- the investigation of a breach
- data subject notification and remediation
- liability, eg for breach of privacy or unintentional distribution of confidential data
- professional fees related to recovery actions
- business interruptions, eg from network downtime
Cyber risks typically fall into 'first party' risks and 'third party' risks. Some policies cover either or both of these categories.
Many cyber insurance policies may also cover you against things like extortion, electronic theft or intellectual property infringement. Most insurance products will have certain exclusions, so if you're looking to buy cyber insurance make sure that you read the fine print carefully. Find out more about cyber insurance.
ActionsAlso on this siteContent category
Source URL
/content/cyber-security-risk-management
Links
Cyber security breach detection
How to know if your business is under a cyber attack, and what to do to contain or control a cyber breach.
It's not always easy to tell if your business has experienced a cyber security breach. Attackers use a variety of ways to avoid detection and stay in your system long enough to harvest as much data as possible. Sometimes, it can take months - and often longer - to realise that an attack has taken place. By that stage, it may have already caused a significant impact on your business or customers.
How to detect a security breach
Detecting cyber attacks is a challenge even for the experts, but certain warning signs could indicate that a cyber breach or intrusion is underway. For example:
- suspicious network activity (eg strange file transfers or log in attempts)
- sudden changes to critical infrastructure or system passwords and accounts
- suspicious files in your system, which may or may not have been encrypted
- suspicious banking activities and transactions
- inexplicable loss of access to your network, email or social media accounts
- leakage of customer details, client lists or company secrets
- unusually slow internet connections and intermittent network access
- error signs or warnings in browsers, anti-virus or anti-malware tools alerting you to infections
See how to detect spam, malware and virus attacks.
If you have a business website, you should monitor it for any anomalies that may suggest an attack may be in progress. For example:
- unexplained inconsistencies or questionable extras in your code
- problems with administrative logins or accessing management functions
- unexplained changes in traffic volume (eg sudden and drastic drop)
- unexplained changes in the design, layout or content of your site
- performance issues affecting the availability and accessibility of your website
Criminals are constantly finding new ways to exploit vulnerabilities, so it's important to be aware of current and emerging threats.
Staying up to date with the latest threats
You can keep an eye on the latest cyber threat alerts or subscribe to the Early Warning Service from the National Cyber Security Centre (NCSC) to learn of potential cyber attacks on your business network.
Breach detection systems
Breach detection tools (also known as intrusion detection tools) can help identify threats inside your network. They are either software or hardware products capable of recognising active threats and alerting relevant security staff that they need to take action. For example, you can set up these tools to monitor the network and send an alert if they suspect:
- suspicious user behaviour
- vulnerability in the network
- threats in applications and programs
These tools focus on identifying intrusions after they happen, containing and controlling the breach, and mitigating the damage. Many different products exist in the market, from open source tools to commercial packages. Read more about business data breach and theft.
How to contain and control cyber breach
Security and data incidents are becoming increasingly frequent. No single product or method can guarantee that your business' cyber defences will hold. That's why it is really important to consider and decide in advance how you will manage your response to a cyber breach.
You should develop a comprehensive cyber security incident response plan to help you contain and recover from any potential breach. Detailed guidance on this is available in the NCSC's:
- small business guide to response and recovery
- free 'Exercise in a Box' online tool - use it to test and practice your resilience
If you detect an intrusion or an attempted attack on your business, you should report it to the relevant authorities.
ActionsAlso on this siteContent category
Source URL
/content/cyber-security-breach-detection
Links
Cyber security incident response plan
How to respond to a cyber attack and develop an effective cyber incident response plan for your business.
Incident response planning should be part of your business' cyber security regime, alongside risk management and cyber security breach detection. An incident response plan can help safeguard your business and protect it against the impact of cyber crime.
To plan your cyber security incident response, you need to consider ways in which you will handle cyber security and your readiness to:
- prepare for an incident
- deal with a cyber breach or intrusion
- follow up after a cyber security incident
It's best to decide in advance how you will manage these different aspects of your response.
Steps in cyber incident response
The way each business will deal with a cyber breach may differ slightly depending on their circumstances, but typically the planned response should entail the following steps.
STEP 1: Contain the breach
After you detect a breach, the priority is generally to contain it and mitigate the risk of further damage to your business or loss of data. To do this, you will have to:
- assess the nature and scope of the incident
- consider all systems that could have been affected
- look for concealed intrusions
- reroute network traffic or block a web attack, if applicable
- isolate or suspend compromised devices, networks or system areas
Occasionally, you may need to suspend your entire organisation's network or website, even if this causes further disruption to your business.
If the breach is limited to certain aspects of your business, determine which services, processes and operations can safely continue while you're dealing with the incident.
STEP 2: Form an incident response team
An incident response team will usually involve:
- technical or security personnel - to investigate the breach
- HR representatives - where employees are involved in the breach
- PR experts - to control and minimise brand damage
- data protection experts - if personal data has been misused, leaked or stolen
You may also want to engage a legal adviser and - if you have insurance in place - consult your insurance provider.
STEP 3: Conduct an investigation
Look into the circumstances of the breach, and assess how it has affected you. Plan remedial actions, including those needed to:
- identify gaps in security that have led to the breach
- clean up affected systems and remove ongoing threats (eg malware)
- get systems up and running again
- address internal or external involvement in the breach
Carry out an investigation to determine which security controls have failed. Keep a record of this information and use it to:
- review and improve policies and procedures for your business
- develop a comprehensive incident response plan for any future intrusions
STEP 4: Address legal and regulatory requirements
As part of managing the incident, you may need to inform certain organisations or individuals about the breach. Be clear about who you need to notify and why. You may need to inform:
- the regulators if the breach results in the loss or theft of personal data
- any individuals or groups whose personal data has been compromised, such as customers, clients and suppliers
Businesses in specific sectors, eg financial services or telecommunications, may also need to notify relevant regulatory bodies about the incident.
Important: Under the UK General Data Protection Regulation (UK GDPR), you must report serious breaches of personal data to the Information Commissioner's Office if the breach is likely to result in a risk to people's rights and freedoms.
STEP 5: Report the incident
Like any other crime, you should report cyber crime incidents to the law enforcement agency assigned to tackle them. You may need to contact different agencies depending on the type of incident and if it is still in progress. Find out how to report a cyber crime.
STEP 6: Manage reputational damage and customer relations
Not all security breaches become public, but those that do (eg customers' personal data leaks) have the potential to cause significant reputational harm to businesses. In such circumstances, communicating quickly, openly and honestly to those affected by the incident is often the best course of action.
If the damage to your brand and business is significant, you may want to consider hiring a crisis manager or a public relations consultant to help you work out feasible strategies.
To help you prepare for and plan your response to a cyber incident, see the National Cyber Security Centre's (NCSC) small business guide to response and recovery.
You can also use the NCSC's 'Exercise in a Box' online tool to help you test your resilience to cyber attacks and practise your response in a safe environment.
ActionsAlso on this siteContent category
Source URL
/content/cyber-security-incident-response-plan
Links
How to report a cyber crime
Find out where and how businesses can report online fraud, cyber security incidents and other types of cyber crime.
Different agencies have different remits in terms of investigating and assisting with cases of online fraud, data breaches and cyber crime.
Report a phishing attempt
If you think you may have incurred financial loss or have been hacked as a result of responding to a phishing message, you can report scam to Action Fraud.
Suspicious emails
If you receive an email which you're not quite sure about, forward it to the Suspicious Email Reporting Service: report@phishing.gov.uk. The National Cyber Security Centre (NCSC) will investigate it.
Suspicious texts
If you receive a suspicious text message, forward it to 7726 - it's free. This will report the message to your mobile phone provider.
Report fraud and cyber crime
You can report fraud or cyber crime to Action Fraud at any time using their online reporting tool. Reporting online is quick, easy and can be done on any device.
Businesses, charities and other organisations experiencing a live cyber attack (one that is in progress) can use Action Fraud's 24/7 reporting service. Call Tel 0300 123 2040 to speak to specialist advisers. This service is available to businesses 24 hours a day, 7 days a week.
Report cyber crime in Northern Ireland
Businesses in Northern Ireland should report fraud and related cyber crime directly to Action Fraud unless they are requesting a call for service, in which case they can contact the Police Service of Northern ireland.
Reporting a cyber security incident
If you experience a cyber security incident, you can alert the NCSC for information or technical assistance. Incidents reported using this form are monitored 24/7 by an NCSC defence watch officer who will aim to reply at the earliest opportunity.
Reporting data breaches
If the cyber attack you experienced caused a data breach, reporting it to Action Fraud, the PSNI or the NCSC won’t automatically pass this on to the Information Commissioner's Office (ICO). Depending on the likely risk to individuals as a result of the breach, you may have to report the breach to the ICO within 72 hours.
Find out more about reporting serious breaches of personal data.
Why should you report cyber crime?
Depending on the scope of the crime, relevant agencies may be able to:
- advise you on the appropriate cyber security measures
- assist you in responding to the incident
- assist in identifying and prosecuting offenders
In cases of serious crime, they may even refer your case to specialised law enforcement agencies such as the National Crime Agency.
For advice on reducing your cyber risk, see Cyber Essentials scheme.
ActionsAlso on this siteContent category
Source URL
/content/how-report-cyber-crime
Links
Cyber Essentials scheme
Introduction to Cyber Essentials, a UK certification scheme that helps businesses protect themselves against cyber threats.
Cyber Essentials is a government-backed scheme that details the minimum baseline standard for cyber security. The scheme sets out five basic technical security controls that, when implemented correctly, can protect organisations against a wide range of the most common cyber threats.
The five technical controls cover:
- firewalls
- secure configuration
- user access control
- malware protection
- security update management
All Cyber Essentials certifications started on or after 24 April 2023 will be assessed using the new version of Cyber Essentials requirements (PDF, 556K).
Under the scheme, there are two levels of certification.
Cyber Essentials self assessment
For this certification, organisations assess themselves against the five basic security controls. A qualified assessor then verifies the information provided.
You can download the self assessment questions for free in advance of your certification which you can then complete online.
Costs of certification start from £300 plus VAT, depending on the size of your organisation. The certification lasts 12 months and needs to be renewed annually.
Apply now for Cyber Essentials certification.
Small businesses in certain sectors across the UK can apply to take part in the Funded Cyber Essentials Programme, which provides 20 hours of free remote support from an NCSC-assured cyber security advisor. Find out more about the Funded Cyber Essentials Programme.
Cyber Essentials Plus
This level of certification includes the self assessment questionnaire and requires you to have the same protections in place. However, instead of self-assessing, a qualified assessor will verify the five technical controls through a technical audit on your IT systems.
The cost of this certification will depend on the size and complexity of your network. The certification lasts 12 months and needs to be renewed annually.
Get a quote for Cyber Essentials Plus certification.
Get ready for certification
Guidance is available from the IASME consortium to help you get certified.
You can also use the Cyber Essentials readiness tool to help you prepare for certification.
The tool guides you through a series of questions based on the main parts of the Cyber Essentials requirements. If there are areas where you need to put more controls in place, you will get a link to guidance about how to make those changes.
At the end of this process, you will get a list of actions outlining what steps you need to take to prepare for Cyber Essentials and links to specific guidance on those actions.
Benefits of Cyber Essentials certification
Cyber Essentials certification puts security firmly into focus, which can in turn:
- help to attract new business
- differentiate you from your competitors
- reassure your customers that you take cyber security seriously
- raise your profile with insurers, investors and auditors
Certification also includes automatic cyber liability insurance for any UK organisation who certifies their whole organisation and has less than £20 million annual turnover (terms apply).
Finally, having a valid Cyber Essentials certification is mandatory if you intend to bid for central government contracts which involve:
- handling personal and sensitive information
- provision of certain technical products and services
Read the procurement policy note on the Cyber Essentials scheme.
ActionsAlso on this siteContent category
Source URL
/content/cyber-essentials-scheme
Links