Cyber security for business

Reasons behind cyber attacks

Guide

Every business, regardless of its size, is a potential target of cyber attack. That is because every business has key assets (financial or otherwise) that criminals may seek to exploit. By recognising the common motives behind cyber attacks, you can build a better understanding of the risks you may face, and understand how best to confront them.

Why do cyber attacks happen?

Most often, cyber attacks happen because criminals want your:

  • business' financial details
  • customers' financial details (eg credit card data)
  • sensitive personal data
  • customers' or staff email addresses and login credentials
  • customer databases
  • clients lists
  • IT infrastructure
  • IT services (eg the ability to accept online payments)
  • intellectual property (eg trade secrets or product designs)

Cyber attacks against businesses are often deliberate and motivated by financial gain. However, other motivations may include:

  • making a social or political point - eg through hacktivism
  • espionage - eg spying on competitors for unfair advantage
  • intellectual challenge - eg 'white hat' hacking

The key point is that cyber security threats don't always come from anonymous hackers or online criminal groups. Vulnerabilities can arise within your own business too.

Types of cyber attackers: insiders and outsiders

Cyber attackers broadly fall under two categories: those that pose threats to your business from the outside of your organisation, and those that present risks from the inside.

Insiders

Anyone with physical or remote access to your organisation's assets can expose you to cyber risk. For example:

  • trusted employees accidentally misplacing information
  • careless employees remiss of policies and procedures
  • disgruntled employees or ex-employees intent on damaging your business
  • malicious insiders with legitimate access to critical systems and information

Business partners, clients, suppliers and contractors with access to your business-critical assets can present insider threats to cyber security.

Outsiders

External cyber security threats can come from a variety of sources, including:

  • organised criminals or criminal groups
  • professional hackers - whether malicious or not
  • amateur hackers - sometimes known as 'script kiddies'

To manage cyber risk, regardless of its source, you should fully understand the range of motivations behind possible attacks. You should also know where and how to report a cyber crime, if it does happen to your business.

Why is cyber security important?

Cyber crime can potentially seriously disrupt and damage your business. As well as commercial losses and compromised reputation, attacks can expose your business to:

  • regulatory action or negligence claims
  • inability to meet contractual obligations
  • loss of trust among customers and suppliers

Read more about the potential impact of cyber attack on your business.

To stay informed and up-to-date with potential threats to your business, keep an eye on the latest cyber threat alerts from the National Cyber Security Centre (NCSC). You can also register for the NCSC's free Early Warning Service, designed to inform your organisation of potential cyber attacks on your network as soon as possible.