What is cyber crime?

Speak to an expert

To find out more on how our cyber security products and services can protect your organisation, or to receive some guidance and advice, speak to one of our experts.

The term ‘cyber crime’ refers to criminal activity that involves ICT (information and communications technology).

Internet crimes range from automated cyber attacks carried out by unskilled opportunists to cyber warfare campaigns directed by state-sponsored APT (advanced persistent threat) groups.

Public awareness of cyber crime is increasing, but many organisations remain unsure about:

The nature and volume of the cyber threats they face;
How to protect themselves from those threats; and
The financial and reputational damage a successful attack could cause.

Find out about cyber security solutions to help you reduce your risk

On this page, we examine the current state of cyber crime, and explain why your organisation is at risk and what criminals hope to gain by attacking it.

The scale of cyber crime

Cyber crime is pervasive, and many organisations are struggling to adapt to the modern threat landscape.

For instance:

According to the UK government’s Cyber Security Breaches Survey 2019: General findings visualisation (Business and Charities), almost half (48%) of businesses identified at least one cyber attack per month.
The National Crime Agency’s Annual Plan 2019/20 estimates that 84% of fraud reported in the UK is cyber-enabled (from almost anywhere in the world).
The Federation of Small Businesses puts the annual cost of cyber attacks at £4.5 billion for small businesses.
The UK government’s ‘Understanding the UK cyber security skills labour market’ research report found that 54% of UK businesses have a basic cyber security skills gap, and 35% were not confident about dealing with a cyber security breach or attack.

Cyber Security as a Service (CSaaS)

Protect your organisation against evolving cyber threats with one affordable monthly subscription.

Cyber Security as a Service (CSaaS) is an outsourced model of cyber security management that provides you with the peace of mind that your business is secure.

Find out more

Types of cyber criminals

Cyber attacks are carried out by both individuals and organised groups. Threat actors include:

State-sponsored groups – those that carry out cyber warfare campaigns targeting critical national infrastructure.
Hacktivists – politically motivated attackers who target organisations to promote their ideology. Their activities often relate to human rights, free speech or freedom of information issues.
Insiders – those with privileged access to target systems, including negligent and malicious insiders, as well as external actors who gain access via user credentials.
Script kiddies – unskilled attackers who use off-the-shelf scripts and exploit kits.

What do cyber criminals hope to gain?

Cyber criminals usually aim to gain financially, extract data or cause disruption by (among other things):

Obtaining personal data to commit ID theft and financial fraud (cyber theft);
Obtaining banking credentials to steal money, or intellectual property to sell to competitors;
Installing ransomware to impair your operations and extort money from your organisation (cyber extortion); or
Installing malware to gain access to your systems in order to steal confidential or sensitive data.

Why every organisation is at risk of a cyber attack

High-profile incidents, usually experienced by larger organisations, receive considerable press coverage.

However, all organisations – including small and medium-sized enterprises – are at risk of computer crime.

No organisation is too small to be attacked. Often, cyber scams are automated and indiscriminate, as they tend to target specific vulnerabilities rather than specific websites or companies.

The volume of such scams also tends to be high, as automated cyber attacks require practically no skill to execute, and are cheap and easy to run.

Learn more about the cyber threats you face

Cyber crime and GDPR and DPA 2018 compliance

Under the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, organisations that process personal data must implement appropriate technical and organisational measures to protect that data and the individuals it belongs to.

If you suffer a cyber attack that results in a personal data breach, you could be fined by the ICO (Information Commissioner’s Office) if you are found not to have implemented appropriate security measures.

A breach could cost your organisation up to 4% of its annual global turnover or €20 million (about £18 million) in regulatory fines – whichever is greater. That’s on top of remediation costs, reputational damage and lost business due to service unavailability.

Find out about our data privacy solutions

Fighting cyber crime

According to a National Audit Office report, 80% of cyber attacks can be prevented with basic cyber hygiene

Cyber Essentials

The UK government’s Cyber Essentials scheme sets out five security controls that provide organisations with that basic cyber hygiene. Its assurance scheme gives organisations the opportunity to demonstrate that they have implemented these measures via independent certification.

Learn more about Cyber Essentials

Staff awareness training

People are widely acknowledged to be the weakest part of any security system. Even if you implement the best technological measures and put processes in place to ensure they are properly deployed and kept up to date, their effectiveness can be compromised by poorly trained users, putting your organisation at risk.

Learn more about staff awareness training

Penetration testing

Assess your systems and networks for any potential weaknesses caused by poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures.

Find out more about penetration testing

Win the war against cyber crime

Don’t risk it, cyber secure it: take proactive action and make cyber security your mission.

Enlist in IT Governance’s five-week cyber security boot camp today to receive your free combat plan.

Enlist now

Start your journey to being cyber secure today

IT Governance has a wealth of experience in the cyber security and risk management field. We have been carrying out cyber security projects for more than 15 years and have worked with hundreds of private and public organisations in all industries. All our consultants are qualified and experienced practitioners.

Our services can be tailored for organisations of all sizes in any industry and location. Browse our wide range of products below to kick-start your cyber security project.