In our ever-evolving business landscape, cybersecurity remains a critical point of focus. Cybercriminals exhibit no discrimination in their choice of targets, with media attention often highlighting large-scale attacks on major corporations and organizations such as the NHS, British Airways, and more recently, MGM Resorts. In the words of former IBM CEO Ginni Rometty:


“Cybercrime is the greatest threat to every company in the world.”


American businessman and investor Warren Buffett went a step further, emphasizing that cyberattacks represent the most significant threat we encounter, surpassing the gravity of nuclear weapons, a deadly pandemic, or the most catastrophic natural disaster one can envision. And nobody – from huge corporations to one-person operations – is safe or secure from cybercrime.




Global cybercrime currently carries a staggering price tag of £6.4 trillion each year, equivalent to £150,000 every second. Projections indicate that this figure is poised to surge to £8.4 trillion annually in the near future, surpassing the economies of every nation worldwide except the United States and China. In dollar terms, this astronomical sum reaches $10.5 trillion, representing the most substantial transfer of economic wealth in human history. This unprecedented scale of cybercrime not only threatens incentives for innovation and investment but also eclipses the economic impact of natural disasters within a single year. Furthermore, it looms as a formidable force, poised to generate more profit than the combined global trade of all major illegal drugs. The implications of such financial magnitude underscore the urgent need for robust cybersecurity measures on a global scale.




The media spotlight rarely extends to smaller enterprises or SMEs, creating a misconception that they are immune to cyber threats. However, the reality is quite the opposite, as SMEs are frequently targeted and find themselves in a precarious position. SMEs face significant challenges in prioritizing and implementing robust cybersecurity measures. Often constrained by limited resources and lacking the financial strength of their larger counterparts, SMEs navigate the complex landscape of cybersecurity with fewer defences. Compounding the issue is the prevailing belief among many SMEs, especially amidst economic downturns, that investing in cybersecurity or maintaining strong cyber hygiene is a luxury beyond their means. Consequently, many SMEs are treading water, unaware of the vulnerabilities that could make them susceptible to cyberattacks. Two forms of cyberattack make us particularly vulnerable: those stemming from malware or ransomware.



Malware refers to any software deliberately crafted to disrupt the normal functioning of a computer, server, client, or computer network. Its malicious intent may include causing system disturbances, leaking private information, gaining unauthorized access to data or systems, denying access to information, or surreptitiously interfering with a user’s computer security and privacy. The pervasive presence of malware poses a significant threat to the security of digital systems. Highlighting the alarming scope of this menace, 560,000 new instances of malware are identified every day, accompanied by the registration of over 450,000 new malicious programs and potentially unwanted applications (PUAs). The current malware tally stands at over 1 billion malware programs worldwide. Faced with such daunting numbers, anyone neglecting the importance of robust antivirus and anti-malware measures is ill-prepared for the challenges ahead.




Ransomware is a subset of malware. For those of us who need a refresher about ransomware, it is a form of malicious software strategically created to block a user or organization’s access to their computer files. This is achieved by encrypting the files, accompanied by a demand for a ransom payment in exchange for the decryption key. Cyber attackers leverage this tactic to compel organizations into a situation where paying the ransom becomes the most straightforward and cost-effective method to restore access to their files. Certain iterations of ransomware go beyond mere encryption, incorporating additional features like data theft to intensify the pressure on victims to comply with the ransom demands. The inception of ransomware attacks dates back to 1989 when Joseph Popp, Ph.D., targeted 20,000 AIDS researchers in 90 countries. Since then, this malicious threat has persisted over the years. The Guardian says that ransomware is


“The defining cybercrime of the 2020s and hackers are only just beginning to exploit its potential to make money and sow mayhem.”




One notable incident etched in memory is the infamous 2017 WannaCry attack, which targeted over 300,000 computers operating on the Microsoft Windows system. This enduring cryptoworm, still active, inflicted an estimated $4 billion in losses on companies and organizations across 150 countries, with the NHS and FedEx being severely hit, the former bearing a cost of more than £92 million following the attack. Ransomware’s impact amplified significantly during the pandemic. In 2020, the attack on the American software company SolarWinds affected over 18,000 of its customers. A year later, the assault on the Brazil-based meat processing company, JBS, disrupted operations in the United States, Australia, Canada, and Brazil, compelling the company to pay an $11 million ransom in Bitcoin. Lindy Cameron, the CEO of the UK National Cyber Security Centre (NCSC), tells us:


“Ransomware remains the biggest online threat to the UK and we are clear that organisations should not pay ransom demands.”




Are there any solutions to these potentially devastating cyber threats? Put simply, yes there are. When SMEs focus on cybersecurity basics, they are much less likely to be overcome by a cyberattack. These basics include always-on security with password policies, updates, systems inventory, monitoring, email security, comprehensive data backups and a lot more. Once these controls are in place, the risk of any cyberattack is reduced by more than 90% – providing they are rigorously adhered to. Zhero’s CEO and Founder, Izak Oosthuizen, gives us the low-down on cybersecurity basics in his latest best-selling book, You Don’t Need a £1 Million Cybersecurity Budget, out now on Amazon.




You Don’t Need a £1 Million Cybersecurity Budget is an invaluable tool for SMEs wanting to transform their cybersecurity. The book focuses on all the security issues that confound small businesses, including those with backups, inventory and assets, IT policy, email security, password management, and much more. The exponential market growth of AI and IoT has also opened up a can of worms, not only for cybersecurity but for data protection, privacy, and compliance. Using his keep-it-simple-and-straightforward approach, Izak takes readers on an in-depth cybersecurity journey, showing them how to eradicate threats by embracing the basics of IT security. And here’s a closing comment from Professor Ben Azvine, the Global Head of Security Research at BT:


“You Don’t Need a £1 million Cybersecurity Budget is a must-have for any SME wanting to secure its place in the digital future.”


Any cybersecurity questions for Izak? Get in touch here and now.
