Cyber security for business
Introduction to small business cyber security, risks to your business, and tools and techniques to help you manage it.
Cyber security is a major concern for most modern businesses. If your operations depend on digital processes, data and systems, your business may be vulnerable to cyber risks.
This guide explains the different types of cyber crime, including online fraud, information theft, and malware or virus attacks. It looks at the common reasons behind cyber attacks and the potential impact of attacks on your business.
Focusing on the fundamentals of cyber risk management, this guide describes the techniques you can use to manage your online security. It highlights the importance of early cyber breach detection, as well as cyber incident response planning, to enable you to deal quickly and effectively with any intrusion or attack.
Finally, the guide offers clear information on the government's Cyber Essentials scheme, giving details on the requirements, certification levels, costs and benefits to your business.
Different types of cyber crime
Understand the common ways cyber criminals may attack your business, how cyber attacks work and how they might affect you.
Cyber attacks can take many forms: from malware infection and phishing to hacking and ransomware. Some types of attack are more effective than others, but all present a significant - and increasingly unavoidable - business risk.
In order to counteract that risk, it helps to understand the different cyber threats you may face and the various ways criminals might try to cause harm to your business.
Common cyber security threats
The cyber security threats your business is most likely to face include:
- cyber fraud - including phishing, spear phishing, vishing and whaling
- malware attacks - including viruses, worms, trojans, spyware, rootkits, etc
- ransomware attacks
- drive-by downloads
- hacking - including distributed denial-of-service attacks (DDoS), keylogging, etc
- password attacks - including password guessing, brute force and cracking of stolen password hashes
- exploitation of out-of-date, unpatched software
Attackers can use multiple routes, including web, email and malicious files, to exploit different vulnerabilities in your business systems, networks or processes.
Human error
Not all security breaches are the result of hacks or malicious action. Many are due to human error. For example, a member of staff may inadvertently send information to the wrong recipient, lose paperwork or fail to redact personal data.
What is a cyber attack?
A cyber attack is a malicious attempt by a third party to gain unauthorised access to, damage, destroy or alter:
- computer networks
- computer information systems
- computer or network infrastructure
- personal computer devices
There are many reasons behind cyber attacks. Criminals may wish to steal money, access financial and sensitive data, undermine the integrity of data or systems, or disrupt the operations of a company or an individual. Attacks often result in crimes such as financial fraud, information or identity theft.
Examples of cyber attacks
Cyber attackers use many different methods to try to compromise IT systems. The most common practices are:
- remote attacks on IT systems or websites
- unauthorised access to information held on a corporate network or systems
- unauthorised access to data held in third-party systems (eg hosted services)
- system infiltration or damage through malware
- disruption or denial of service that limits access to your network or systems
Attacks can be:
- targeted - where you are singled out because of specific interest in your business or the attacker has been paid to target you
- un-targeted - where attackers indiscriminately target as many devices, services or users as possible
Read the National Cyber Security Centre's guidance to find out how cyber attacks work.
Can you avoid cyber attack?
Many attacks can be prevented by following the steps recommended in the UK government's Cyber Essentials scheme.
You can also use the NCSC's free Check your cyber security service to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.
The NCSC also offer a free Cyber Action Plan. By answering a few simple questions, you can get a free personalised action plan that lists what you or your organisation can do right now to protect against cyber attack.
Keep in mind that, however stringent your safety measures are, not all cyber attacks can be avoided. If you do experience an attack, see how to report a cyber crime.
Reasons behind cyber attacks
Find out why cyber criminals target businesses and what assets (financial or otherwise) may be at risk from attacks.
Every business, regardless of its size, is a potential target of cyber attack. That is because every business has key assets (financial or otherwise) that criminals may seek to exploit. By recognising the common motives behind cyber attacks, you can build a better understanding of the risks you may face, and understand how best to confront them.
Why do cyber attacks happen?
Most often, cyber attacks happen because criminals want your:
- business' financial details
- customers' financial details (eg credit card data)
- sensitive personal data
- customers' or staff's email addresses and login credentials
- customer databases
- client lists
- IT infrastructure
- IT services (eg the ability to accept online payments)
- intellectual property (eg trade secrets or product designs)
Cyber attacks against businesses are often deliberate and motivated by financial gain. However, other motivations may include:
- making a social or political point - eg through hacktivism
- espionage - eg spying on competitors for unfair advantage
- intellectual challenge - eg hobbyist hackers probing systems without permission (unlike 'white hat' hackers, who test systems only with the owner's authorisation)
The key point is that cyber security threats don't always come from anonymous hackers or online criminal groups. Vulnerabilities can arise within your own business too.
Types of cyber attackers: insiders and outsiders
Cyber attackers broadly fall under two categories: those that pose threats to your business from the outside of your organisation, and those that present risks from the inside.
Insiders
Anyone with physical or remote access to your organisation's assets can expose you to cyber risk. For example:
- trusted employees accidentally misplacing information
- careless employees who disregard policies and procedures
- disgruntled employees or ex-employees intent on damaging your business
- malicious insiders with legitimate access to critical systems and information
Business partners, clients, suppliers and contractors with access to your business-critical assets can present insider threats to cyber security.
Outsiders
External cyber security threats can come from a variety of sources, including:
- organised criminals or criminal groups
- professional hackers - whether working for hire or for their own gain
- amateur hackers - sometimes known as 'script kiddies'
To manage cyber risk, regardless of its source, you should fully understand the range of motivations behind possible attacks. You should also know where and how to report a cyber crime, if it does happen to your business.
Why is cyber security important?
Cyber crime can potentially seriously disrupt and damage your business. As well as commercial losses and compromised reputation, attacks can expose your business to:
- regulatory action or negligence claims
- inability to meet contractual obligations
- loss of trust among customers and suppliers
Read more about the potential impact of cyber attack on your business.
To stay informed and up-to-date with potential threats to your business, keep an eye on the latest cyber threat alerts from the National Cyber Security Centre (NCSC). You can also register for the NCSC's free Early Warning Service, designed to inform your organisation of potential cyber attacks on your network as soon as possible.
Impact of cyber attack on your business
Understand the impact of cyber attacks on businesses and their finances, reputation and consumer confidence.
A successful cyber attack can cause major damage to your business. It can affect your bottom line, as well as your business' standing and consumer trust. The impact of a security breach can be broadly divided into three categories: financial, reputational and legal.
Economic cost of cyber attack
Cyber attacks often result in a substantial financial loss arising from:
- theft of corporate information
- theft of financial information (eg bank details or payment card details)
- theft of money
- disruption to trading (eg inability to carry out transactions online)
- loss of business or contract
In dealing with the breach, businesses will also generally incur costs associated with repairing affected systems, networks and devices.
The latest UK government cyber security breaches survey found that 43% of businesses and 30% of charities experienced a cyber breach or attack in the past 12 months. This is much higher for medium businesses (67%), large businesses (74%), and high-income charities with £500,000 or more in annual income (64%).
Based on what respondents believed and self-reported, the government estimated that the average cost of the most disruptive breach for each business in the last 12 months was £1,600 for businesses and £3,240 for charities. Excluding those who reported £0 costs, the average cost of the most disruptive breach rises to £3,550 for businesses and £8,690 for charities.
Reputational damage
Trust is an essential element of a customer relationship. Cyber attacks can damage your business' reputation and erode the trust your customers have in you. This, in turn, could potentially lead to:
- loss of customers
- loss of sales
- reduction in profits
The effect of reputational damage can even impact on your suppliers, or affect relationships you may have with partners, investors and other third parties vested in your business.
Legal consequences of a cyber breach
Data protection and privacy laws require you to manage the security of all personal data you hold - whether on your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions.
How to minimise the impact of cyber attacks on businesses
Security breaches can devastate even the most resilient of businesses. It is extremely important to manage the risks accordingly.
You can use the National Cyber Security Centre's (NCSC) free Check your cyber security service to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.
The NCSC also offer a free Cyber Action Plan. By answering a few simple questions, you can get a free personalised action plan that lists what you or your organisation can do right now to protect against cyber attack.
After an attack happens, an effective cyber security incident response plan can help you:
- reduce the impact of the attack
- report the incident to the relevant authority - see how to report a cyber crime
- clean up the affected systems
- get your business up and running in the shortest time possible
It can help to invest in user training, education and awareness in your organisation on an ongoing basis.
Cyber security risk management
How to manage cyber security risks to your business, create security policies and practices, and use cyber insurance.
Cyber security is the practice of protecting your computer systems and networks from attacks. It relies on different methods to reduce the risks of attacks, and protect organisations from unauthorised exploitation of their computer systems.
Managing risks is a critical component of your business' cyber security. If your systems, networks and devices are vulnerable, the services and operations of your business, and even your customers, may be at risk.
What is cyber risk?
Cyber risk refers to any risk of financial loss, disruption or damage to your business that potentially results from:
- your online activity
- online trading
- failure of your IT systems and networks (regardless of the cause)
- storage of personal data on IT systems and networks
Cyber risk can affect any organisation that relies on digital networks, technology or information. See what is IT risk.
Cyber risk assessment
Cyber risk assessment involves the identification, analysis and evaluation of cyber risks. As part of the assessment, you should look at your entire IT infrastructure and try to identify possible threats arising from:
- people, processes and technologies
- vulnerabilities within your systems
You should also look at threats posed by the different types of cyber security attacks.
How to assess cyber risk?
When assessing cyber risks, it is often useful to focus on the most serious threats based on the likelihood and the cost/impact of them occurring. This is a common IT risk assessment methodology.
The National Cyber Security Centre (NCSC) offers a free online tool called 'Exercise in a Box' which can help you understand how resilient you are to cyber attacks and practise your response in a safe environment.
You can also use the NCSC's free Check your cyber security service to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.
Cyber risk management
Cyber risk management consists of several key processes, including:
- risk analysis - understand the specific threats to your business
- risk strategy - determine the processes and controls your business needs
- implementation of risk solutions - deploy the necessary cyber security measures
- risk training - educate staff about their role in managing cyber risks
- monitoring - review and test the effectiveness of your security measures
- risk transfer - consider insuring against cyber risks and plan for contingency
Following these established IT risk management processes will help you build resilience and the ability to prevent, detect and respond to cyber threats in a way that minimises business disruption and financial loss.
What is cyber risk insurance?
Cyber security insurance (and cyber liability insurance) can help your business further mitigate risk exposure by offsetting some of the costs involved in cyber incident recovery. These may be expenses related to:
- the management of a cyber incident
- the investigation of a breach
- data subject notification and remediation
- liability, eg for breach of privacy or unintentional distribution of confidential data
- professional fees related to recovery actions
- business interruptions, eg from network downtime
Cyber risks typically fall into 'first party' risks and 'third party' risks. Some policies cover either or both of these categories.
Many cyber insurance policies may also cover you against things like extortion, electronic theft or intellectual property infringement. Most insurance products will have certain exclusions, so if you're looking to buy cyber insurance make sure that you read the fine print carefully. Find out more about cyber insurance.
Cyber security breach detection
How to know if your business is under a cyber attack, and what to do to contain or control a cyber breach.
It's not always easy to tell if your business has experienced a cyber security breach. Attackers use a variety of techniques to avoid detection and remain in your systems long enough to harvest as much data as possible. Sometimes, it can take months - and often longer - to realise that an attack has taken place. By that stage, it may have already caused a significant impact on your business or customers.
How to detect a security breach
Detecting cyber attacks is a challenge even for the experts, but certain warning signs could indicate that a cyber breach or intrusion is underway. For example:
- suspicious network activity (eg strange file transfers or log in attempts)
- unexpected changes to critical systems, passwords or user accounts
- unexpected files on your systems, or files that have suddenly been encrypted (a common sign of ransomware)
- suspicious banking activities and transactions
- inexplicable loss of access to your network, email or social media accounts
- leakage of customer details, client lists or company secrets
- unusually slow internet connections and intermittent network access
- error messages or warnings in browsers, anti-virus or anti-malware tools alerting you to infections
See how to detect spam, malware and virus attacks.
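The first warning sign in the list above, suspicious login attempts, is one of the few that can be checked mechanically from logs you already have. The script below is an added example, not part of the original guidance or any NCSC tool: it parses a handful of constructed OpenSSH-style log lines (made up for this example, using reserved documentation IP addresses) and raises an alert when one source address produces a burst of failed logins inside a sliding time window, and a second, more serious alert when a login from that address then succeeds. The threshold and window are assumptions; tune them to your own environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH/syslog style; these are not real logs.
SAMPLE_LOG = """\
Mar 14 02:01:05 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar 14 02:01:07 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Mar 14 02:01:09 web01 sshd[2311]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar 14 02:01:11 web01 sshd[2311]: Failed password for root from 203.0.113.5 port 51025 ssh2
Mar 14 02:01:14 web01 sshd[2311]: Failed password for alice from 203.0.113.5 port 51026 ssh2
Mar 14 02:01:20 web01 sshd[2311]: Accepted password for alice from 203.0.113.5 port 51027 ssh2
Mar 14 09:15:02 web01 sshd[4120]: Failed password for bob from 198.51.100.7 port 40111 ssh2
Mar 14 09:15:30 web01 sshd[4121]: Accepted publickey for bob from 198.51.100.7 port 40112 ssh2
"""

# Matches the "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" form.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse(log_text, year=2025):
    """Turn raw log lines into event dicts. Syslog lines carry no year, so one is assumed."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines that are not login results are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "ok": m["result"] == "Accepted",
                       "user": m["user"], "ip": m["ip"]})
    return events


def detect(events, threshold=5, window=timedelta(minutes=10)):
    """Return alerts as (kind, source_ip, user) tuples.

    brute_force            - at least `threshold` failures from one IP inside `window`
    success_after_failures - a successful login from an IP still inside such a burst
    """
    alerts = []
    failures = defaultdict(list)  # source IP -> timestamps of recent failed logins
    flagged = set()               # IPs already reported for brute force
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ip, now = e["ip"], e["ts"]
        # Keep only the failures that still fall inside the sliding window.
        failures[ip] = [t for t in failures[ip] if now - t <= window]
        if not e["ok"]:
            failures[ip].append(now)
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, None))
        elif len(failures[ip]) >= threshold:
            # A success straight after a burst of failures: treat as a likely compromise.
            alerts.append(("success_after_failures", ip, e["user"]))
    return alerts


if __name__ == "__main__":
    for kind, ip, user in detect(parse(SAMPLE_LOG)):
        print(f"{kind:24s} {ip:15s} {user or ''}")
```

On the sample data the first address is reported for brute force on its fifth failure and again when the 'alice' login succeeds seconds later; the second address, with a single typo-style failure followed by a key-based login, raises nothing. A single-host script like this is a starting point only: on a real estate the same logic belongs in a central log collection or intrusion detection tool, so that an attacker who wipes one host's logs does not also erase the evidence.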
If you have a business website, you should monitor it for any anomalies suggesting an attack may be in progress. For example:
- unexplained changes or unfamiliar additions to your website's code (eg injected scripts)
- problems with administrative logins or accessing management functions
- unexplained changes in traffic volume (eg sudden and drastic drop)
- unexplained changes in the design, layout or content of your site
- performance issues affecting the availability and accessibility of your website
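Unexplained changes to a site's code, layout or content are easiest to spot if you keep a record of what the files looked like when you last deployed them. The following file integrity check is an added example, not code from the original guidance: it records a SHA-256 digest of every file under the web root as a baseline, then reports files that have been added, removed or modified since. The site tree, file names and the injected script URL (on the reserved `.invalid` domain) are constructed for the demonstration; `demo()` builds the tree in a temporary directory, baselines it, simulates tampering and returns the differences.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):  # stream, so large files are fine
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def save_baseline(digests, baseline_file):
    """Persist the baseline. Keep this file outside the web root, ideally read-only,
    so that whoever alters the site cannot simply rewrite the baseline to match."""
    Path(baseline_file).write_text(json.dumps(digests, indent=2, sort_keys=True))


def load_baseline(baseline_file):
    return json.loads(Path(baseline_file).read_text())


def compare(baseline, current):
    """Classify every difference between a stored baseline and a fresh snapshot."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Build a constructed site tree, baseline it, then simulate tampering.
    Every path and file body here is made up for the example."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "site"
        (site / "js").mkdir(parents=True)
        (site / "index.html").write_text("<html><body><h1>Welcome</h1></body></html>\n")
        (site / "js" / "app.js").write_text("console.log('app');\n")
        baseline_file = Path(tmp) / "baseline.json"  # in practice: outside the web root
        save_baseline(snapshot(site), baseline_file)

        # Simulated attack: a script tag injected into a page and a file dropped into the tree.
        (site / "index.html").write_text(
            "<html><body><h1>Welcome</h1>"
            '<script src="https://attacker.invalid/x.js"></script></body></html>\n'
        )
        (site / "js" / "upload.php").write_text("<?php /* unexpected file */ ?>\n")
        return compare(load_baseline(baseline_file), snapshot(site))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `snapshot` on a schedule (for example from cron) and alert on any non-empty `compare` result; refresh the baseline only as part of a deliberate deployment, never in response to an alert. Established tools such as AIDE and Tripwire do the same job with more features, but the principle is identical: a known-good record taken at deployment time, kept where the web server cannot write to it.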
Criminals are constantly finding new ways to exploit vulnerabilities, so it's important to be aware of current and emerging threats.
Staying up to date with the latest threats
You can keep an eye on the latest cyber threat alerts or subscribe to the Early Warning Service from the National Cyber Security Centre (NCSC) to learn of potential cyber attacks on your business network.
Breach detection systems
Breach detection tools (also known as intrusion detection tools) can help identify threats inside your network. They are software or hardware products capable of recognising active threats and alerting the relevant security staff that they need to take action. For example, you can set up these tools to monitor the network and send an alert if they detect:
- suspicious user behaviour
- attempts to exploit known vulnerabilities on the network
- malicious activity in applications and programs
These tools focus on identifying intrusions after they happen, containing and controlling the breach, and mitigating the damage. Many different products exist in the market, from open source tools to commercial packages. Read more about business data breach and theft.
How to contain and control cyber breach
Security and data incidents are becoming increasingly frequent. No single product or method can guarantee that your business' cyber defences will hold. That's why it is really important to consider and decide in advance how you will manage your response to a cyber breach.
You should develop a comprehensive cyber security incident response plan to help you contain and recover from any potential breach. Detailed guidance on this is available in the NCSC's:
- small business guide to response and recovery
- free 'Exercise in a Box' online tool - use it to test and practise your resilience
If you detect an intrusion or an attempted attack on your business, you should report it to the relevant authorities.
Cyber security incident response plan
How to respond to a cyber attack and develop an effective cyber incident response plan for your business.
Incident response planning should be part of your business' cyber security regime, alongside risk management and cyber security breach detection. An incident response plan can help safeguard your business and protect it against the impact of cyber crime.
To plan your cyber security incident response, you need to consider ways in which you will handle cyber security and your readiness to:
- prepare for an incident
- deal with a cyber breach or intrusion
- follow up after a cyber security incident
It's best to decide in advance how you will manage these different aspects of your response.
Steps in cyber incident response
The way each business deals with a cyber breach may differ slightly depending on its circumstances, but typically the planned response should entail the following steps.
STEP 1: Contain the breach
After you detect a breach, the priority is generally to contain it and mitigate the risk of further damage to your business or loss of data. To do this, you will need to:
- assess the nature and scope of the incident
- consider all systems that could have been affected
- look for concealed intrusions
- reroute network traffic or block a web attack, if applicable
- isolate or suspend compromised devices, networks or system areas
Occasionally, you may need to suspend your entire organisation's network or website, even if this causes further disruption to your business.
If the breach is limited to certain aspects of your business, determine which services, processes and operations can safely continue while you're dealing with the incident.
STEP 2: Form an incident response team
An incident response team will usually involve:
- technical or security personnel - to investigate the breach
- HR representatives - where employees are involved in the breach
- PR experts - to control and minimise brand damage
- data protection experts - if personal data has been misused, leaked or stolen
You may also want to engage a legal adviser and - if you have insurance in place - consult your insurance provider.
STEP 3: Conduct an investigation
Look into the circumstances of the breach, and assess how it has affected you. Plan remedial actions, including those needed to:
- identify gaps in security that have led to the breach
- clean up affected systems and remove ongoing threats (eg malware)
- get systems up and running again
- address internal or external involvement in the breach
Carry out an investigation to determine which security controls have failed. Keep a record of this information and use it to:
- review and improve policies and procedures for your business
- develop a comprehensive incident response plan for any future intrusions
STEP 4: Address legal and regulatory requirements
As part of managing the incident, you may need to inform certain organisations or individuals about the breach. Be clear about who you need to notify and why. You may need to inform:
- the regulators if the breach results in the loss or theft of personal data
- any individuals or groups whose personal data has been compromised, such as customers, clients and suppliers
Businesses in specific sectors, eg financial services or telecommunications, may also need to notify relevant regulatory bodies about the incident.
Important: Under the UK General Data Protection Regulation (UK GDPR), you must report a personal data breach to the Information Commissioner's Office within 72 hours of becoming aware of it if the breach is likely to result in a risk to people's rights and freedoms.
STEP 5: Report the incident
Like any other crime, you should report cyber crime incidents to the law enforcement agency assigned to tackle them. You may need to contact different agencies depending on the type of incident and if it is still in progress. Find out how to report a cyber crime.
STEP 6: Manage reputational damage and customer relations
Not all security breaches become public, but those that do (eg customers' personal data leaks) have the potential to cause significant reputational harm to businesses. In such circumstances, communicating quickly, openly and honestly to those affected by the incident is often the best course of action.
If the damage to your brand and business is significant, you may want to consider hiring a crisis manager or a public relations consultant to help you work out feasible strategies.
To help you prepare for and plan your response to a cyber incident, see the National Cyber Security Centre's (NCSC) small business guide to response and recovery.
You can also use the NCSC's 'Exercise in a Box' online tool to help you test your resilience to cyber attacks and practise your response in a safe environment.
How to report a cyber crime
Find out where and how businesses can report online fraud, cyber security incidents and other types of cyber crime.
Businesses in Northern Ireland, England and Wales should use the Report Fraud service to report fraud and cyber crime. The service acts as a central point of contact for information about fraud and financially motivated internet crime. The service launched on 4 December 2025 and replaces Action Fraud.
In certain situations, you can still report fraud and cyber crime to other relevant agencies like the National Cyber Security Centre (NCSC), the Police Service of Northern Ireland (PSNI) and the Information Commissioner's Office (ICO) where necessary.
If your business is affected by fraud and cyber crime
From 4 December 2025, Report Fraud is the main service to report fraud and cyber crime.
Report online
Use the Report Fraud online reporting tool to report fraud or cyber crime as an individual or organisation at any time.
Report by phone
Call Report Fraud on Tel 0300 123 2040 to speak to specialist advisers, available 24/7.
If you are a business, charity or organisation under a cyber attack, use the 24/7 phone service for urgent help and advice on how to manage the attack.
Reporting fraud and cyber crime in Northern Ireland
In Northern Ireland, you should report fraud and cyber crime through Report Fraud unless police involvement is urgently needed, and you are requesting a 'call for service'. This may be the case if:
- the fraud or cyber crime is happening now or has happened in the last 24 hours
- you know the suspect, and they live in Northern Ireland
- the victim is considered vulnerable (for example, due to age)
- the police need to act quickly to secure evidence (like CCTV) or prevent financial loss
If you are making a 'call for service' report, call 101. In an emergency, call 999. Do not use the Report Fraud service in these cases.
Reporting cyber security incidents to NCSC
If you are experiencing a serious cyber security incident (such as ransomware or data breaches), you can report it to the NCSC. NCSC can provide you with advice and technical support, but this will not replace reporting to police or Report Fraud.
Reporting personal data breaches
If a data breach happens, you may need to report it to the ICO within 72 hours, depending on the risk to individuals. Reporting to Report Fraud, PSNI or NCSC does not notify the ICO automatically. Find guidance on reporting personal data breaches.
If you want to report a suspicious email, phone call, text message or website
If you don't want to report a crime, but have come across fraudulent emails, phone calls, messages, social media or websites, you can report these in the following ways.
Reporting suspicious emails
Forward suspicious emails to the NCSC's Suspicious Email Reporting Service at report@phishing.gov.uk. This helps NCSC take down harmful websites and protect others from scams.
Reporting suspicious text messages
Report a suspicious text message for free by forwarding it to 7726. This service works on most major UK networks. If you forward a text to 7726, your provider will investigate the origin of the message and block or ban the sender, if it is found to be malicious.
You can also take a screenshot or screen recording of the text message and send it to the NCSC at report@phishing.gov.uk.
If you think you have been scammed or hacked after clicking a link or responding to a text message, contact Report Fraud straight away and change your passwords.
Reporting suspicious phone calls
To report a suspicious phone call, send a text to 7726 with the word 'call' followed by the caller's number. Your provider will be able to block or ban the number if it is found to be malicious.
Reporting suspicious websites
NCSC can investigate suspicious websites and arrange for malicious ones to be taken down. If you come across a fake website, or a website that feels suspicious, report it to the NCSC and they will investigate.
Why should you report fraud and cyber crime
Reporting helps you protect your business and support wider efforts to fight crime. Agencies can advise on how to contain the attack and reduce loss, help identify and prosecute offenders, and use your report to improve national fraud and cyber crime defences.
Cyber Essentials scheme
Introduction to Cyber Essentials, a UK certification scheme that helps businesses protect themselves against cyber threats.
Cyber Essentials is a government-backed cyber security certification scheme. It helps businesses protect their IT systems using five basic technical controls designed to prevent common cyber attacks.
What is Cyber Essentials standard?
Cyber Essentials sets the minimum cyber security standards for organisations. It covers:
- firewall protection to block unauthorised access
- secure configuration to reduce vulnerabilities
- user access control to manage permissions
- malware protection to prevent harmful software
- security updates to keep systems patched and safe
The standards are reviewed annually by experts from the National Cyber Security Centre (NCSC) and IASME (the scheme operator).
Two levels of Cyber Essentials certification
Under the scheme, there are two levels of certification.
1. Cyber Essentials (self-assessment)
To certify, businesses complete a self-assessment questionnaire on the five key controls. A qualified assessor reviews the responses to verify the information provided. Costs start at £320 plus VAT, depending on business size. Certification lasts 12 months and must be renewed annually.
Download your free self-assessment questions and apply online.
2. Cyber Essentials Plus
The higher level of certification includes the self-assessment plus a technical audit of your IT systems by a qualified security assessor. Costs vary depending on the size and complexity of your network. Certification also lasts 12 months and requires annual renewal.
Get a quote for Cyber Essentials Plus certification.
How to prepare for Cyber Essentials certification
Cyber Essentials requirements change yearly to keep the scheme effective against evolving threats. All certifications starting on or after 28 April 2025 use version 3.2 of the NCSC requirements for IT infrastructure.
To certify, businesses first need to check that their IT systems meet the five technical controls as detailed in the requirements document. You can use the IASME Cyber Essentials guidance and readiness tool to assess your current cyber security setup and identify gaps. Based on your answers to the tool, you will receive a tailored action plan with clear steps to help you prepare for Cyber Essentials certification.
Small and medium-sized businesses preparing for Cyber Essentials can also book a free 30-minute consultation with an NCSC-assured Cyber Advisor.
2026 updates to Cyber Essentials requirements
From 27 April 2026, all new assessments will use version 3.3 of the NCSC requirements for IT infrastructure, which introduces stricter rules on cloud services, multi-factor authentication, and software security. If your business currently holds Cyber Essentials certification or plans to apply, review the new requirements now and prepare ahead of the deadline to avoid any compliance issues and keep your systems secure.
Why get Cyber Essentials certification?
Successful certification includes automatic cyber liability insurance for UK businesses with under £20 million turnover (terms apply). Certification will also help your business:
- improve cyber security and reduce risk
- build trust with customers, insurers, and investors
- win more contracts and attract new business
Finally, Cyber Essentials is mandatory for suppliers bidding on certain higher-risk public sector contracts - for example, those involving personal data or sensitive information, or the provision of certain technical products and services. Read the procurement policy note on Cyber Essentials to find out more.