Our Scale-Up 50 2024 list is live - find out who made the list!

Why You Need To Get Serious About Cyber

You should already have the basics of cyber security covered. But as a scale-up, you need to be doing so much more.

Photo by Shahadat Rahman

By your very nature, you’re expanding rapidly – your risks can change week to week, even day to day. Hybrid working is making it harder to oversee how staff are accessing files and networks too. These are all things that could make you a target for the kind of attacks that, in 2022-23, affected 59% of medium-sized UK businesses.

These attacks aren’t cheap either. The average annual cost of cyber crime for UK businesses is around £15,300. Yet the real toll is a lot higher. Those that report attacks also report a loss of money, data or other assets, as well as a loss of staff time, business disruption, and the need for new security measures. And those aren’t the only reasons to get serious about it…

Avoid fines of up to £17.5m

A cyber event – whether it’s a data breach, network outage or overload, threat to pressure you into paying money, or simply human error – can wreak havoc with your systems. But it also poses a huge risk to your data.

While finding yourself without the information you need to make critical decisions (like sales data and business plans) is one thing, it’s a loss of customer information that can really land you in hot water. Make a mistake here, and you could be fined up to £17.5 million or 4% of your total annual turnover.

And that’s not a bluff. In 2020, British Airways were handed a £20 million fine for failing to protect customer data. They had been processing “a significant amount” of it without adequate security measures in place, and when they were attacked in 2018, the data of 429,612 people was stolen.

As if the fine wasn’t enough, BA’s reputation fell to a four-year low in the immediate aftermath. The result? Damaged share prices and customer satisfaction rates.

Photo by Philipp Katzenberger

Keep your reputation intact

BA’s position as an industry leader no doubt mitigated against some of the reputational damage. But that’s a luxury that most scale-ups can’t afford. Face it: if you get hit by a major breach that reveals your customer data, who’s going to want to invest in you?

And it’s not just their financial support you’ll be losing. Customers voice dissatisfaction with their wallets too. Look at TalkTalk. In 2015, a cyber breach stole their information on 150,000 customers. In this case the fine was comparatively small, but 100,000 people stopped using their service. This meant the hack cost them £42 million, and their shareholders approximately £60 million.

The lesson here? Investors, clients and the public are all interested in data protection – not just because it’s an invasion of privacy, but also because an attack can place them in significant financial danger. And they’ll make no secret of who they believe is at fault.

Own the narrative

There’s no bulletproof approach to preventing attacks. But by demonstrating you’ve robust protections in place, you can avoid penalties and limit reputational damage.

The first 48 hours following an attack are considered the most important when it comes to minimising business interruption and data loss. A good breach response service offers 24-hour support and access to forensic specialists who work quickly to secure your data, eradicate the threat and find what caused the breach. They also provide critical evidence for civil, criminal, tribunal and disciplinary action.

With a breach response service to call upon, you can take control over the situation. No, you can’t change what's happened. But you can reassure your stakeholders that everything is being done to minimise the damage.

Photo by Towfiqu barbhuiya

Stay in control as you scale

Immediate access to a breach response service is a key feature of any decent Cyber insurance policy. These policies also step in to cover more than just what’s outlined here, including the costs of investigations, crisis communications, forensic services, legal and regulatory advice, business interruption, data restoration and liability.

Of course, the biggest benefit to insurance is always peace of mind. With protections in place, you can get back to focusing on what you do best: supporting customers and growing your scale-up.

But this is only true if you have a policy that actually reflects the nature of your business. Not sure what that looks like? Get in touch.

Share this opinion

Contact us

Take your next step.

If you’re interested in how we can help or just want to introduce yourself, get in touch. We’re always happy to talk. Alternatively you can book a meeting with one of the team using the Capsule Calendar.

By clicking the submit button, you are agreeing to our Fair Processing Notice.

Follow us


Capsule Insurance Services Limited Festival House, Jessop Ave, Cheltenham GL50 3SH

Next-level thinkingfor scale-up businesses

Capsule Insurance Services Limited t/a Capsule are an Appointed Representative of James Hallam Limited who are authorised and regulated by the Financial Conduct Authority (FCA), under Firm Reference Number (FRN) 134435. Capsule's FRN is 948838. Registered in England and Wales company number: 13340821. Registered office is 48 Belle Vue Terrace, Malvern, England WR14 4QG.

Book a meeting