Cybercrime: A clear and present danger

Stewart Thom, RBS By Stewart Thom, Customer security business partner, Royal Bank of Scotland

28 September 2016

Cybercrime is an increasing issue for businesses across all sectors, inflicting both reputational and financial damage for thousands of companies in the UK. The Royal Bank of Scotland has a team of dedicated specialists working hard to keep customers safe. Stewart Thom, Customer Security Business Partner with the bank offers some advice.

There’s often a cliched assumption that only the elderly and the vulnerable who fall victim to scams.

The knock on the door from the cash-only salesman, the rattle of the fake charity box on the high street, those traditional tales still grab the headlines and tug at the heartstrings.

But the hard reality is that the growing swell of financial crime isn’t face to face – it is the faceless issue of cybercrime.

Latest figures from Get Safe Online and the UK’s national fraud and cybercrime reporting centre,  Action Fraud, reveals that UK businesses have reported a 22% increase in cyber crime in the past year, resulting in more than £1bn in losses.

According to data released in August, UK businesses reported losses of £1,079,447,765 over 2015/2016.

On average, each police force in the UK recorded more than £19.5m in losses by businesses in their area, but police say the true figure could be even higher as not all cyber crimes are reported.

Some of the major issues identified in the study show that mandate fraud is becoming an increasingly worrying issue for businesses, where fraudsters trick employees into changing a direct debit or standing order by pretending to be a supplier.

Other types of crime which have become more commonplace includes whaling attacks or business email compromise – where an employee is tricked into making a payment by means of an email purporting to be from a senior manager – and extortion, where files on a computer or entire network are rendered inaccessible by ransomware.

But it is hacking which is the most common and widely reported crime by businesses.

A criminal can hack into a business's server, an employee’s personal computer, or access email and social media accounts to obtain private information.

Royal Bank of Scotland uses IBM’s Rapport facility to help customers deal with the issue of hacking – but other agencies are coming to Royal Bank of Scotland to not only raise awareness of the general cybercrime issue – but to help tackle it too.

The City of London Police Force is responsible for London’s Square Mile financial district, and leads the UK’s Action Fraud cyber crime reporting centre. The Royal Bank of Scotland consulted with the force to advise on the problem.

According to Stewart Thom, Customer Security Business Partner with Royal Bank of Scotland, here are five things all businesses should keep in mind to stay ahead of the issue:

1. It is a question of when, not if, your business will be targeted: No business in Scotland is immune to cyber attack; businesses large and small are targeted for the data they hold, the funds they process and the services they provide.

2. Cyber attacks are no longer ‘just’ about theft of data: cyber attacks today can disrupt customer services and business operations alike.

3. Managing cyber risk should be at the top of your agenda: A key step for businesses to take is to recognise that cyber risk is business risk. It should be managed alongside other risks to your business, with someone at the top of the business responsible for managing cyber risk across the organisation.

4. Its not all doom and gloom; some simple steps can help you stay safe: Getting the security basics right will stand you in good stead against cyber attack. It is important that you understand what your most important information is, where it is held and how it is protected. Implementing the right process and technical controls will protect you from 80% of basic cyber attacks (according to the UK Government).

5. Cyber security is too important to leave to technology: 90% of cyber attacks begin with the bad guys targeting an employee in an organisation, not the technology that they use. The best technical controls in the world will count for very little if your staff are still using ‘password’ as their password. Training and awareness is a vital part of helping your business stay safe, you need to build a strong security culture.

If you want to find out more, ICAS, in association with Royal Bank of Scotland, are running a series of free events in Scotland, helping you and your clients to understand the latest scams and identify how to stop cyber-attacks.

Book your place now

About the author

Stewart Thom is a customer security business partner with the Royal Bank of Scotland. A specialist on the issues of cybercrime, he regularly hosts seminars outlying the dangers the issue creates for industry today.

About the company

The Royal Bank of Scotland is one of the biggest supporters of the Scottish SME sector. Formed in 1727, the Edinburgh headquartered bank has a team of dedicated professionals’ sector specialists across Scotland. It became an ICAS community partner in 2016.

For more information regarding Royal Bank of Scotland and how they can help your business, contact Paula Ritchie at or Gavin Wilson at

This blog is one of a series of articles from our commercial partners.
The views expressed are those of the author and not necessarily those of ICAS.


  • Practice hub
  • Technology

Previous Page