Is your business in need of AC-12?Feb 01, 2022
The climax of the latest season of Line of Duty felt like a throwback to the analogue age of home entertainment. The era when you had five channels to choose from, ropey picture quality and, if you stayed up very late, a glimpse of Test Card F (the one with the 60s girl playing on a blackboard). Why? Because 15m people watched, nearly all at the same time (making it the most popular TV drama this century), and everyone was talking about it. The controversy around the unmasking of ‘H’ only fuelled the debate, bewildering those unfamiliar with the series (The Times had record complaints about the deliberate mis-spelling of ‘definitely’). After six seasons of police corruption we are all wondering if there are any coppers who are not bent. But there is another, more pertinent question to be posed. Should founders be worrying about crime?
The risk of violent crime has fallen from 4.7% of adults being a victim in 1995 to 1.6% in 2020. So our persons are relatively safe. Our property is less so. As individuals we constantly run the risk of being defrauded. A cursory glance at your email junk box will remind you that the threat of crime is only ever a careless click away. The reason why there are so many automated pfishing calls is because they work. If they didn’t, the fraudsters would move on to some other tactic. About 4m people a year are defrauded, although this is thought to be underreported. This figure will only rise as now caller ID can be spoofed. The opportunities for criminals to exploit are legion.
What about crimes against your business? This is not a start-up topic with much social currency, but it should be, not least because it is fascinating. The threats your business faces depend on the sector you are in. According to the Government’s latest survey on commercial victims, 21% of wholesale and retail businesses experienced theft. There were 19,300 incidents per 1,000 premises, with a median loss of £626. In agriculture, forest and fishing, there was a decline in burglary, theft and vandalism, but a rise in trespassing and poaching. Unauthorised grazing remained static. In accommodation and food there was a general decline, but they still recorded 5,000 incidents per 1,000 premises.
That’s a lot of crime to be dealing with. An average of 69.2 business crimes occur every hour in England and Wales. Business owners can expect to be facing a large number of tricky situations, with 83,032 cases of customers making off without paying, 9,835 acts of employee theft, 8,256 robberies, 6,886 attempted burglaries and 437 armed burglaries.
Technology businesses may be physically safer, but they still face virtual threats. 65,000 SMEs are cyber attacked every day and a business is successfully hacked every 19 seconds. 25% of UK businesses suffered a cybercrime in 2019 (double the level in 2015). Cybercrime costs business £13bn per year and an average of £6,000 per incident:
Source: IT Governance
The same survey found that threats were now discussed at board level by 20% of small businesses and 24% of medium-sized business. This is nowhere near enough, not least because most businesses are at risk: only 9% have a cyber security policy, 10% cyber insurance, and 10% have an intrusion-detection system. Bizarrely 66% attacked businesses take no further action, which is why 56% of businesses that are breached suffer again.
Your chances of experiencing business crime are high, with 8m incidents per year in the UK. Half of SMEs have been victims within the past two years. A UK business is more likely to be the victim of crime than a global one (56% to 47%). Sometimes the effect of crime is indirect. 39% of UK businesses in one PWC survey suspected the payment of a bribe had lost them a commercial opportunity to a competitor. (That’s a great stat for any agencies looking to console themselves after an inexplicable pitch loss).
So there is a lot of business crime and you have a high chance of becoming a victim. What can you do to protect yourself? A lot actually. Here are a few things to consider:
· Risk: Do a full risk assessment of your business. Where would you attack it? List all the threats, rank them and then find mitigations for them all. Invite other leaders or an external expert to do the same to review your assessment and protocols.
· Security: Physically secure your assets. Protect your premises by limiting public access. Ask people to lock any kit away. Have a visible alarm. Don’t make it easy for thieves.
· Technology: Provide kit to your employees which you can control. If you have a BYO policy, make sure everyone’s anti-virus software is up to date. Have back-ups of everything. Talk to your CTO to understand what software you need to detect and protect your business systems against cyberattacks. Set up your own tracking and reporting to spot potential anomalies in customer behaviour.
· Process: Keep a record of who should have access to what. Only give people access to what they need and make sure you take it away when they leave. Set clear guidance for digital security protocols, such as the strength and recency of password changes. Track all incidents of attempted fraud. Map out in advance what you will do in each scenario, such as a denial of service or ransomware attack. Have a business recovery and continuity plan that all the leadership and operational staff are aware of. Consider taking out specialist cyber insurance to protect you against any losses.
· People: Just over a third of cybercrime is attributed to employees, whether this be malicious intent or mistakes. A system is only as strong as the people who support it. Make your staff aware of the issues and train them on specific processes. Have written policies on bribery and corruption so you don’t inadvertently find yourself on the wrong side of the law.
The extent to which you invest time an money will depend upon your business’s operations, assessment of and appetite for, risk. Fintechs need to do far more to protect themselves and their customers than a fashion retailer. Anti-money laundering and fraud prevention become a major cost centre and part of the business model, determining the ability to scale. The international gold standard is ISO 27001. Check it out and see how you could implement it in your business.
Business crime is another hurdle on the obstacle course founders have to navigate to succeed. Think of it like a game of snakes and ladders. Taking action to protect yourself won’t help you climb to the next level, but it should stop you from sliding back down when you land on a peril that was evident all along. Don’t leave it to chance. And for all the hassle, at least you shouldn’t have to worry about OCGs, ‘H’ or AC-12 knocking your office door down.
UP AND TO THE RIGHT.