Cyber-attacks cost average small businesses around £25,7003 a year

Hiscox has staged a “real world” cyber-attack on a bike manufacturer, Brompton Bicycle, to illustrate what it feels like to be hacked and the risks involved.

It constructed an imitation store called “3rompton” with “knock-off” counterfeit stock and staff doppelgangers which opened for trading on the opposite side of the road.

The insurer captured the reactions of the Shoreditch-based retailer’s original staff as they watched a series of hacks unfold.

Meanwhile the real store was boarded up displaying a ransom note demanding bitcoin in exchange for re-entry with genuine stock was re-diverted to the imitation store.

The imitation store was then flooded with fake customers who overwhelmed staff simulating a denial of service (DDoS) attack, where the perpetrator seeks to make a machine or network resource unavailable to its intended users temporarily or indefinitely disrupting services of a host connected to the internet.


The insurer used common hacking techniques such as ransomware and phishing.

The cost of attacks

According to Hiscox one in three (33%) of the UK’s small businesses have suffered a cyber breach.

Cyber-attacks cost the average small business £25,7003 a year directly for example the costs of IT experts in response to the incident, lost revenue and replacement systems.

Whereas Indirect costs such as damage to reputation, the impact of losing customers and difficulty attracting future customers, means the true figure can be significantly higher.

James Brady, head of cyber at Hiscox, explained: “The frequency and severity of cyber-attacks on UK businesses is alarming. Cyber criminals are swift, sophisticated and consider businesses of all shapes and sizes worthy targets so it’s vital that organisations are both aware of these risks and prepared to manage them.

“Businesses need to take ownership of their cyber security and put solid preventative measures in place. Unfortunately, attacks will still get through and being prepared for those attacks is critical.”


Will Butler-Adams, chief executive at Brompton Bicycle, said that the firm wanted to work with Hiscox to highlight the risks involved in cyber-crime.

He continued: “When people copy us, with little understanding of the engineering and care behind the design, they are trying to fool our customers who may go on to buy a potentially dangerous product.

“Our business is about our bike; the design, function and support we give to our customers over the life of the product.

Robert Hannigan, former director of GCHQ and Special Advisor to Hiscox, added: “Cybercrime is one of the biggest security risks facing businesses today but many aren’t taking it seriously and many more are underprepared.

“It’s a less tangible risk than burglary or a fire which can make it hard for businesses to grasp, so bringing cybercrime to life with an exercise like this is a useful way of conveying an important message.”

On New Year’s Eve hacking group the Dark Overlord threated insurers of the World Trade Centers over the release of information on the 9/11 terrorist attacks. 

Lloyd’s of London and Hiscox are among those to be threatened.