Procurement · 18 August 2016

Online crime The scourge of small business

cyber crime
1bn was reported lost by businesses to online crime in the last year
What are the key online crimes small business owners need to watch out for? What steps should you be taking in order to keep your firm safe? Our NatWest expert investigates.

With online crime becoming an increasing threat for small businesses, figures from Get Safe Online and Action Fraud show that from March 2015 to March 2016, 1bn was reported lost by businesses to online crime.

This comes as Action Fraud saw a 22 per cent increase in crimes reported, from 30, 475 between 2014 and 2015 to 37, 070 a year later.

On average, each police force in the UK recorded 19.6m in losses by businesses in its area. However, the true picture could be even higher, as figures do not take into account the amount potentially lost by businesses that choose not to report online crime to the police.

From the latest figures, it’s evident that businesses need to do more to ensure staff across the board have appropriate online fraud awareness training, so that everyone understands their role in keeping the business secure. A substantial amount of attempted fraud against businesses is successful due to the lack of knowledge or sloppy habits of employees.

businesses are a major target for fraudsters and these figures illustrate the significant rise in fraud reports, says City of London Police’s commander Chris Greany, who is also the Police National Coordinator for Economic Crime.

the true figure will be much higher and business owners need to take steps as many of these crimes could be prevented.

Online crimes on the rise

Delving into the figures, it’s evident that mandate fraud is becoming an increasingly worrying issue for businesses. This occurs when a fraudster gets victims to change a direct debit or standing order by pretending to be an organisation that a victim makes regular payments to, for example a business supplier or subscription service.

it’s an extremely targeted approach, and in the last year has seen a significant 66 per cent increase, with 2, 323 reported cases, compared with 1, 403 in 2014 to 2015.

Other types of fraud that have spiralled are CEO fraud where an employee is tricked into making a payment by means of an email purporting to be from a senior manager and extortion, where files on a computer or entire network are rendered inaccessible by ransomware until a release fee is paid.

Corporate employee fraud where employees or ex-employees obtain property or compensation through fraud, or misuse corporate cards and expenses is also on the rise, with 1, 440 cases recorded between 2015 and 2016.

Listed in the top ten most-reported crimes by businesses in the last 12 months, this demonstrates how fraud is not just an external threat, but how vital it is for all businesses to provide staff with the right tools and training to be able to identify signs of suspicious activity, as well as having guidelines in place on whistleblowing.

Hacking is perhaps one of the main issues facing small businesses. A fraudster can hack into a business? server or an employee’s personal computer, or access email/social media accounts to obtain private information. In its various forms, hacking has been one of the most widely reported types of fraud in the past year, with 1, 314 reported cases.

Specifically targeted fraud



Marcelino Castrillo is MD of business banking at RBS in September 2015. ? Prior to to that, Castrillo was MD of SME banking at Santander, where he was responsible for leading the challenge of scaling Santander's business bank and managed the business through a period of significant change.