Over the past month, Google searches for “cyber attack” have surged by 588%, following high-profile breaches affecting major retailers like M&S, The Co-Op, and most recently, Harrods.
The retailers were targeted by unauthorised cyber attempts to access their systems, forcing them to temporarily suspend operations and shut down certain internal processes as a precaution.
Unsurprisingly, off the back of this, both businesses and consumers are urgently looking for ways to improve their defences, with interest in “cyber security course” rising by 93% in the past month while searches for “cyber security support” have also risen by a huge 320% in the past year.
In response to this growing threat, the business insurance team at Bionic has outlined how the right cyber insurance can help small businesses defend against digital attacks.
What is a cyber attack?
A cyber attack is a malicious attempt to access, disrupt, or damage a computer system, network, or digital data.
According to data published by IT Governance, the number of known data breaches soared from 8.2 million in 2023 to 35 million in 2024 – a staggering increase of over 337%*.
Some of the most common types of data breaches affecting UK businesses include:
-
Ransomware: A ransomware threat is a type of cyberattack where hackers encrypt a business’s data and demand a ransom payment in exchange for restoring access. In the past year, 31.6% of businesses experienced ransomware threats**, highlighting just how widespread and damaging these attacks have become.
-
Distributed Denial of Service (DDoS) Attacks: A DDoS attack is when hackers overwhelm a website or online service with massive traffic, causing it to slow down or crash entirely. In the past year, 24.6% of businesses reported experiencing DDoS attacks**, making it one of the most common forms of cyber disruption.
-
Phishing: Phishing involves sending fraudulent emails or messages that appear to come from trusted sources, aiming to trick recipients into revealing sensitive information or clicking on malicious links. Over 15% of businesses reported experiencing a phishing attack in 2024**, emphasising the need for businesses to take preventive action.
How to protect a business from a cyber attack
Laura Court-Jones, member of Bionic’s business insurance team, comments: “Hackers will target anyone they can and small businesses are often easy prey due to weaker security systems. Without robust defences, it’s much easier for cybercriminals to access sensitive information.
“To reduce the risk of an attack, it’s essential to invest in preventative measures such as regular software updates, installing firewalls and anti-virus applications and ensuring there’s available cybersecurity training for employees. While cyber insurance may help protect your business after an incident, these proactive steps are your first line of defence.
“That said, any business storing data digitally or using cloud-based systems should consider cyber insurance. Whether you run a warehouse,a cafe, or anything in between, it’s essential to take steps to help protect your operations and maintain the trust of your customers.
“Cyber insurance can act as a digital safety net, offering protection before, during, and after an attack. Policies will vary per provider, and terms and conditions apply, so always check the small print in your policy wording to see what’s included and excluded. Cyber insurance may include:
-
Pre-incident support – Including risk assessments, cybersecurity training, and expert advice to help prevent cyber threats before they occur.
-
Post-incident support -Assisting with crisis management, legal guidance, and technical investigation after a cyberattack.
-
Cyber extortion – Covering ransom payments (if chosen), negotiation services, and investigations in cases of ransomware or DDoS threats.
-
Damage to digital assets – Helping repair or replace corrupted or lost data, software, or digital infrastructure following an attack.
-
Security and privacy breaches – Covering the costs associated with data breaches, including legal fees, customer notification, and PR support to manage reputational damage.”