What is a Cyber Attack and How Can You Help Protect Your Business?
Here are the different types of cyber-attacks, and how you can protect your business

With more business conducted online than ever before, we rely heavily on our computers and the internet to help us communicate with customers, process orders and more. While this can make our lives easier and help us feel more connected to the world around us, it also puts us at risk of a cyber-attack. Find out more about what cyber-attacks are, how they may affect your business, how you can help protect yourself from cunning cybercriminals, and more, below.

What is a cyber-attack?

A cyber-attack is a digital assault launched by cybercriminals against a computer or a computer network. A cyber-attack may target a single computer, a wider computer network or the data housed within a computer network. Cyber-attacks can be carried out in many ways, but the perpetrators typically share common goals such as:

● Disabling a computer or a computer network
● Stealing or destroying data
● Altering data
● Collecting sensitive information to be used for financial gain
● Corporate espionage

Cyber-attacks can be launched against both organisations and individuals.

Types of cyber attacks

There are many different forms of cyber-attacks used by cybercriminals across the globe. Although they can vary greatly in terms of their aims and how they are carried out, most fall into one of two categories: active attacks or passive attacks. Active attacks aim to affect the operation and availability of a computer or computer system, while passive attacks will collect data without a detectable effect on the use of a computer or computer system. 

From bold assaults to quieter collections of data, some of the most common types of cyber-attacks include:

Denial-of-service (DoS)

Denial-of-service attacks occur when a computer system, server or network is overwhelmed with data requests or high levels of traffic. Once overloaded, the system is unable to execute any legitimate requests, preventing regular users from accessing a website, a server, or a system. When many computers are used to launch the attack, it is known as a distributed-denial-of-service (DDoS) attack.


Malware

Malware refers to a broad range of malicious software. The uses of malware vary: some variants actively install harmful software, while others collect and transmit data to an external party or look to disrupt the computer system, causing problems for the owner. Malware is generally introduced to a computer or computer system when a dangerous link is clicked, or an email attachment is downloaded. Common forms of malware include:

● Ransomware
● Viruses
● Spyware
● Trojans

Man-in-the-middle (MitM)

Sometimes referred to as eavesdropping attacks, man-in-the-middle attacks occur when cybercriminals intercept the information being sent between the user and the web service they are using. This style of attack allows cybercriminals to collect sensitive personal information, such as passwords, usernames, and payment information, and occurs more commonly with unsecured websites and compromised WiFi networks.


Phishing

Phishing is one of the most common forms of cyber security attack. It typically sees cybercriminals send fraudulent emails to users, requesting personal and financial information or encouraging the user to click on a link that will download malware to their device. Phishing can be used with a variety of unsavoury goals in mind, including:

● Stealing account login credentials and other sensitive information
● Installing malware
● Financial fraud



Ransomware

Ransomware is a type of malware that is used by cybercriminals in the hopes that the user will pay a ransom to prevent personal or sensitive data being published and / or regain access to files that have been encrypted. This tactic has become substantially more prevalent amongst cybercriminals in recent years.

Zero-day exploits

Cybercriminals will take advantage of unknown vulnerabilities within software or applications either before the developers have established that the vulnerability exists or before they have had sufficient time to develop a patch to address the vulnerability.

Consequences of cyber attacks

While the objectives of cybercriminals do vary, any form of cyber security attack could have serious consequences for your business. Some potential impacts include:

● Financial loss through the theft of money or disruptions to your business operations
● Damage to your business’ reputation
● Loss of time as you attempt to rectify any security issues
● The exposure, altering or destruction of business records or customer information
● Loss of business
● Loss of revenue
● Loss of intellectual property

How to protect your company from cyber attacks

Although cyber-attacks can be a threat to your business, there are some cyber safety precautions you can take to help protect yourself. These include:

● Using antivirus software to help protect against dangerous malware
● Implementing firewalls to reduce the risk of infiltration by cybercriminals
● Turning on spam filters to lower the chances of your staff opening phishing emails
● Backing up your data as a safeguard against losing information during a cyber attack
● Encrypting sensitive information, such as client details
● Updating system access permissions regularly, especially when an employee leaves the business
● Introducing multi-factor authentication to make it more difficult for attackers to gain access to your online accounts
● Educating your employees about password hygiene and how to reduce the risk of cyber attacks
● Taking out a cyber security insurance policy to help protect your business in the event of an attack
