What can we Learn from Business Victims of Cybercrime?

The threat posed by cybercrime is constantly evolving and with it so is the cost to businesses as they try to retrieve lost data and recover from business interruption, regardless of whether they chose to pay things like cryptocurrency ransom demands or not (police advice is always not to pay by the way!).  

Following several more high-profile cyber attacks, including companies like Garmin, Carnival Cruises and the New Zealand Stock Exchange. Why does ransomware continue to impact large and well-defended organisations? What can SMEs learn from this?

What we do know is that modern corporate networks are really complex, increasingly cloud-based and have more connected devices than ever following COVID-19 and the rush to have a workforce who are agile and still work remotely. The business case for having effective cyber security is clear, it’s estimated to cost the Greater Manchester Economy over £860m per year alone. But we cannot guarantee 100% protection from cybercrime because the threat landscape is constantly and rapidly. My academic partners reliably inform me the half-life of a cybersecurity degree is 18 months. Just half of what students learn in the first year is obsolete by the time they graduate! This means that our defences must equally adapt just to maintain pace. 

Police Cyber Crime Units help businesses victims investigate and recover from attacks. We see the impact but can also identify trends and learn from patterns to help protect businesses before they become victims. This is why we need to encourage victims to report cyber crimes, the percentage of reported crimes is as low as 1-2%!

The lessons we’ve learnt from victims are worth sharing because these stories are really powerful and help organisations better understand the threat and why it’s so important to protect themselves. It also helps to build trust and confidence in the police’s ability to respond and demonstrate that we understand the unique needs of business victims who want (and need) to get back online asap. 

The challenge is how to share these stories when reporting is so low and businesses are understandably concerned about their brand and reputational damage and fearful the cops will just seize their hardware for long and protracted digital forensic examinations. We must do better to really understand business victims, anonymise and share their stories and make cyber security accessible both financially and in the language we speak. 


neilcrcThe average date from infection to detection is 150 days so we need more victims to come forward as we believe up to 80% of cybercrime is preventable by following basic cyber PROTECT advice, much of which can be provided for free or at low cost through the Cyber Resilience Centre, which is supported by Greater Manchester Police and consistent with the advice produced by the National Cyber Security Centre

Neil Jones | Detective Superintendent | Greater Manchester Police