What is your approach to risk-taking? Are you devil-may-care or do you batten down the hatches before anything comes near?

I’ve been thinking about this as I contemplate how we try to encourage people to act in the face of future threats. In this case, I’m thinking of cybercrime.

A business's biggest security risk

There can be a temptation to think that bad things happen to other people, not ourselves. We wouldn’t click on that random email link. We wouldn’t download that file sent from someone who says they are a colleague. We wouldn’t give our credit card details to someone who claims they are from our bank. We wouldn’t be fooled by a fake online shop.

It is commonly held that the biggest security risks within a business are the people who work for that business. Sometimes, this will be because of deliberate acts, but most commonly it is unintentional actions that allow criminals to access sensitive data.

Larger companies have more to lose in pure number terms, but they also tend to have dedicated cyber security teams and budgets that can absorb costs up to a point. A small business will usually be less protected from attacks, and with fewer staff will be less equipped to deal with the fallout should one occur.

Staying one step ahead of the criminals

The financial cost of being a victim of cybercrime can be devasting – anywhere up to £10,000 per business judging by various reports, while victims of online shopping fraud lost £56 million in 2023/24, with big spikes seen around Christmas.

The UK is in the top three most targeted countries for cybercrime, with phishing being the most common type of cybercrime afflicting the population. And no one is spared - charities are almost as likely as businesses to be targeted.

All of this means that it’s imperative that people know what to do to mitigate against a cyber threat, and why cyber security is something that everyone needs to be trained in. It’s about staying one step ahead of the fraudsters, or at the very least, not one step behind.

Although criminals, much like the technologies they use and abuse, are getting more sophisticated, so are the tools that protect us. In fact, there have never been so many tools available to help people and businesses protect themselves online.

Build your (and your team's) cyber security knowledge

October is National Cyber Security Awareness Month, so why not read up on some dos and don’ts and discover the tools that can help protect you, your family and the employer you work for.

If you run a business, it’s incumbent upon you to do your research on cyber security or ensure you have a member of staff assigned to do so. The risks of not doing so are too big even for the biggest risktakers.

The National Cyber Security Centre is the UK’s national source of cyber-related information. Their website (ncsc.gov.uk) contains advice for people and their families, and for businesses and charities large and small.

Business owners can read more about building a resilient business in the face of cyber and other threats, on our Business Resilience homepage.

Written by Philippa Batting, CEO, Buckinghamshire Business First