
Common cyber security misconceptions to look out for


Any business that relies on computer systems in any way to carry out normal operations is at risk from cyber security threats, so managing the risk of these threats is vital. However, many people have misconceptions about cyber security and, because of this, take little precaution to protect themselves from cyber attacks, which in turn leaves them vulnerable.

We’re taking a look at some of the most common misconceptions based on information from one of our insurer partners, CFC, and some ways in which you can overcome them.


What are the biggest cyber security errors?

1. I have strong passwords, so I am secure online

A major problem with using passwords as your only form of security is that unless you use password generators, it is extremely difficult to make your passwords fully secure. Not only that, but many people reuse the same password over several of their accounts. This means that if a cyber criminal manages to gain access to one account, it becomes far easier for them to hijack multiple, and potentially collect a vast amount of sensitive data.

However, even if your passwords are strong, and you are using a different password for every account, some criminals can still access your accounts through brute-force attacks. These are hacking methods that use trial and error to obtain passwords, login credentials and encryption keys.

The most effective way to prevent criminals from accessing your accounts is by implementing multi-factor authentication methods, such as time-based one-time passcodes, open authorisation tokens, authenticator apps or biometrics.

2. My business is too small to be the target of a cyber attack

Small businesses often lack the resources to invest in IT security tools or to provide thorough training. Therefore, they are amongst some of the most vulnerable targets. This means the financial protection afforded by cyber insurance is crucial for small businesses because they do not have as much financial flexibility as large businesses may have, especially with short to medium term losses.

3. Phishing attacks are obvious

Gone are the days when phishing attacks were only carried out through easy-to-spot emails that contain hyperlinks to infected web pages. Phishing attacks are becoming increasingly sophisticated and, in turn, harder to spot. They can range from innocent-looking emails to pop-ups, ads and company communications that tempt you to click on a link, and since the number of attack methods is increasing, so is the likelihood that an individual will be caught out.


4. Anti-Virus Software is enough to keep me protected online

Any anti-virus or anti-malware software will first need to detect how a particular piece of malware works before identifying and neutralising it. Because of this, creators of malware are able to constantly release new threats which can go undetected. According to DataProt, anti-virus software is only 25% successful at detecting malware on average and as many as 1 in 5 internet users have been a victim of a malware attack at least once. This means that, even with software intended to protect your organisation from cyber attacks, you could still be at risk.

While we recommend using anti-virus software along with other security measures, using just one piece of software might not be enough. Other measures you could put in place include using a virtual private network (VPN), which puts your data into an encrypted tunnel; using a password manager to prevent you or your employees using the same passwords over multiple accounts; and carrying out regular system backups so that if a virus does infect your system, you can recover your organisation's files and data.

5. We have IT security, so we don’t need cyber insurance

While IT security is an excellent precautionary measure, cyber criminals are becoming increasingly sophisticated in their methods and could still cause damage regardless. Theft of funds, ransomware, extortion, and data breaches all usually start with human errors such as losing a laptop or clicking on phishing links. Cyber Liability Insurance can protect you from the financial consequences of all of these. By adding this secondary layer of protection, you can ensure your business can continue to run smoothly should an attack occur.

We're here to help

At Barnes Commercial, we work closely with our clients to gain an in-depth understanding of their business, so we can assess the potential risks being faced. This means that our recommended insurance programme will be unique to your business, so if you should fall prey to a cyber related incident, you can be confident that your business will be protected.

Arrange an appointment to talk to us today about how we can help you to develop a Cyber Liability Insurance package for your business needs. You can call us on 01480 272727 or send an email to


Authored by: Nick Long

Head of Insurance

13th December 2022