Tradespeople are being warned to take the potential of cyber attacks more seriously after new research showed almost two-thirds had fallen victim to at least one successful attempt in the past.
Commercial insurer NFU Mutual surveyed 500 tradespeople in the UK at the beginning of January 2025. Of the 61% who said they had been a victim of cyber crime in the past, 12% had customer information stolen.
The most common form of successful attack was phishing, with 20% of respondents having fallen for this type of scam. This was followed by 14% who said they had found malware or viruses installed on their computers.
Despite all this, and with 13% of respondents saying they had been targeted in the past 12 months, nearly a quarter (22%) said they were either not very concerned or not concerned at all about cyber crime in their industry. By contrast, only 25% said they were very concerned.
In response, NFU Mutual has urged trades people to reconsider their attitude to this threat.
“Tradespeople are often sole traders or small businesses so may not have the technology or protection in place against these types of attacks and that makes them a prime target,” said Nick Baker, the insurer’s cyber specialist.
"Using digital devices for payments, customer information or supplier details can all be vulnerable, so it is essential to take action against cyber risk, ensuring adequate insurance cover is in place and taking some simple, but effective, steps to try and mitigate this."
The company also highlighted the vulnerability of internet-connected devices such as CCTV and lighting, which can be used to access the corporate network or be recruited into a botnet if not properly secured.
NFU Mutual recommended that tradespeople implement some simple steps to secure their data and devices, including implementing two-factor authentication (2FA), using a firewall, strong passwords, and changing factory set passwords on hardware like routers or IoT devices.
It also recommended creating a business continuity plan (BCP), which should lay out the necessary steps to be taken in the event of a cyber incident, as well as a list of contact details for important people needed in a recovery effort. These could include IT contractors or vendors, insurers, and legal representatives.
Phishing on the rise
It’s not just tradespeople who are concerned about phishing. Research carried out for ITPro’s Future Focus 2025 report found that IT decision makers in large enterprises also consider phishing to be the main threat to their business – overtaking ransomware as their biggest area of concern. Research from analysts Gartner in May 2024 identified the emerging field of AI-enhanced phishing attacks as a new front and major area of concern for large businesses.
Smaller organizations and sole traders can also take a lesson from the recent experience of security expert Troy Hunt, whose email database was stolen in a phishing attack. Hunt was distracted and tired – a feeling probably familiar to many – and fell for a simple scam that seemed at first to be a legitimate customer service contact from his email provider.
Commenting on the attack against Hunt, Aditi Gupta, principal security consultant at Black Duck, said: “This recent phishing attack further highlights that, in the end, we are all humans, and sophisticated phishing attacks could get the best of us."
MORE FROM ITPRO
