Have businesses learnt from the rapid spread of cybercrime?

The rapid propagation of cybercrime has been accelerated by the COVID-19 pandemic since its full effect was first felt in March 2020.

How did we get to this inflection point? The first cyber-attack to hit the headlines in 1988 was inadvertently executed by Robert Tappan Morris – a student in the U.S. who wanted to develop a program to assess the size of the internet. Unfortunately, his good intentions triggered the first Distributed Denial of Service (DDoS) attack in history, which infected up to 60,000 computers – and saw him become the first person convicted under the 1986 U.S. Computer Fraud and Abuse Act.

Back in 1988, no one could have predicted that the exponential growth of the internet – and our reliance on it – would cause cyber-attacks to evolve from avoidable mistakes into the world’s biggest criminal growth industry. Fast-forward to 2019 and it was estimated that cybercrime would cost us $6 trillion annually by 2021. So, when the pandemic struck with full force the following year, this already burgeoning industry went from strength to strength – because cybercriminals are opportunists.

The COVID-19 pandemic quickly escalated into a business opportunity for cybercriminals, who seized their chance to cash in on escalating uncertainty. The rapid global spread of the virus created the perfect storm for these unscrupulous individuals: fear, uncertainty, vulnerability, large-scale remote working and increased online activity. So, they began exploiting these conditions by infecting businesses’ devices and compromising their data on a whole new scale. What happened next has been nothing short of astonishing – and the best way to fully appreciate the sheer scale of pandemic-fuelled cyber-attacks is to digest the stats.

It didn’t take long for cybercriminals to seize their opportunity once the pandemic reared its ugly head in March 2020:

  • By May, almost half (46%) of global businesses had experienced at least one cybersecurity threat.
  • More than 11,000 UK-government-themed phishing campaigns were taken down – over double the 2019 total.
  • UK businesses faced a 20% rise in cyber threats in 2020.
  • Web application attacks against UK businesses were up 800% in the first half of 2020.
  • Ransomware attacks against UK businesses increased by 20% in the first half of 2020.

Amid the pandemic, 2020 was unprecedented when it came to the number of cyber-attacks against UK businesses. With organisations stretched during this testing period and focused on survival, perhaps the most telling insight from the deluge of stats is that many businesses have lacked the resources to mitigate cybercrime in 2021 – resulting in a drop-off in the application of vital cybersecurity controls.

The UK government’s Cyber Security Breaches Survey highlights this worrying trend:

[Figure: Managing cybercrime in 2021]

The infographic below underscores the extent to which the volume of cyber-attacks – which were already escalating before March 2020 – has grown since the pandemic struck.

[Figure: Monthly Attacks (2021 vs 2020 vs 2019 vs 2018); Q2 2021 Cyber Attack Statistics]

What does the future hold?

It is estimated that the global cost of cybercrime will reach $10.5 trillion annually by 2025, up from $3 trillion in 2015 – and the pandemic has been a factor in this projected growth. Not just because of the targeted attacks that use it as bait; but because of its power to change the way we work. Enforced homeworking has given rise to a new flexible working model that has transformed the workplace.

Homeworking is great news for workers who want to benefit from this newfound flexibility; but it’s even better news for cybercriminals who have a much larger attack surface to target – and social engineering is typically their modus operandi. For example, phishing remains the most common threat vector faced by businesses in the UK – and has grown in volume during the pandemic. Therefore, it is essential to train your staff to spot different types of social engineering attacks, which also include vishing, smishing and baiting.

Never has it been so important to implement a proactive approach to cybersecurity. As the pandemic subsides and your business grows, you must not be complacent about cybersecurity – which the stats suggest is the current trend. Responding reactively to these sophisticated – and constantly evolving – threats is not enough. You must focus on developing a cybersecurity strategy that establishes and implements proactive and meaningful security controls and culture. You should also work towards internationally-recognised business standards that aim to establish better cybersecurity standards – such as the UK government’s Cyber Essentials Plus.