Tradespeople are being warned to take the potential of cyber attacks more seriously after new research showed almost two-thirds had fallen victim to at least one successful attempt in the past.
Commercial insurer NFU Mutual surveyed 500 tradespeople in the UK at the beginning of January 2025. Of the 61% who said they had been a victim of cyber crime in the past, 12% had customer information stolen.
The most common form of successful attack was phishing, with 20% of respondents having fallen for this type of scam. This was followed by 14% who said they had found malware or viruses installed on their computers.
Despite all this, and with 13% of respondents saying they had been targeted in the past 12 months, nearly a quarter (22%) said they were either not very concerned or not concerned at all about cyber crime in their industry. By contrast, only 25% said they were very concerned.
In response, NFU Mutual has urged trades people to reconsider their attitude to this threat.
“Tradespeople are often sole traders or small businesses so may not have the technology or protection in place against these types of attacks and that makes them a prime target,” said Nick Baker, the insurer’s cyber specialist.
"Using digital devices for payments, customer information or supplier details can all be vulnerable, so it is essential to take action against cyber risk, ensuring adequate insurance cover is in place and taking some simple, but effective, steps to try and mitigate this."
The company also highlighted the vulnerability of internet-connected devices such as CCTV and lighting, which can be used to access the corporate network or be recruited into a botnet if not properly secured.
NFU Mutual recommended that tradespeople implement some simple steps to secure their data and devices, including implementing two-factor authentication (2FA), using a firewall, strong passwords, and changing factory set passwords on hardware like routers or IoT devices.
It also recommended creating a business continuity plan (BCP), which should lay out the necessary steps to be taken in the event of a cyber incident, as well as a list of contact details for important people needed in a recovery effort. These could include IT contractors or vendors, insurers, and legal representatives.
Phishing on the rise
It’s not just tradespeople who are concerned about phishing. Research carried out for ITPro’s Future Focus 2025 report found that IT decision makers in large enterprises also consider phishing to be the main threat to their business – overtaking ransomware as their biggest area of concern. Research from analysts Gartner in May 2024 identified the emerging field of AI-enhanced phishing attacks as a new front and major area of concern for large businesses.
Smaller organizations and sole traders can also take a lesson from the recent experience of security expert Troy Hunt, whose email database was stolen in a phishing attack. Hunt was distracted and tired – a feeling probably familiar to many – and fell for a simple scam that seemed at first to be a legitimate customer service contact from his email provider.
Commenting on the attack against Hunt, Aditi Gupta, principal security consultant at Black Duck, said: “This recent phishing attack further highlights that, in the end, we are all humans, and sophisticated phishing attacks could get the best of us."
MORE FROM ITPRO
- 96% of SMBs are missing critical cybersecurity skills
- Malware-free attacks surged in 2024 as attackers drop malicious software for legitimate tools
- Fake file converter tools are on the rise – here’s what you need to know
-
Why are many men in tech blind to the gender divide?In-depth From bias to better recognition, male allies in tech must challenge the status quo to advance gender equality
-
BenQ PD3226G monitor reviewReviews This 32-inch monitor aims to provide the best of all possible worlds – 4K resolution, 144Hz refresh rate and pro-class color accuracy – and it mostly succeeds
-
Threat hunting for MSPsWhitepaper Are you ready to take your Managed Security Service to the next level?
-
29% of UK SMBs cancelled cyber insurance policies in 2021News Even if SMBs are becoming more concerned about cyber attacks, they’re unlikely to be willing to pay even higher premiums to protect themselves
-
Symantec flags up SMB security threatsNews Security vendors warns SMBs to be on their guard against hackers using them as a way in to larger firms.
-
ICO advises SMBs on avoiding data breachesNews Data protection watchdog publishes guidance to prevent small firms falling foul of the law.
-
DDoS attackers set their sights on SMBsNews Network security vendor claims easy access to DDoS tools is putting more firms at risk.
-
Q&A: Graham Palmer, Intel UK MDIn-depth We spoke to the UK managing director of chip giant Intel to get his thoughts on the company's recent Small Business Index research and industry at large changes during the past year.
-
SMEs stuck in technology dark agesNews Research carried out by Intel suggests smaller businesses are placing themselves at a disadvantage by failing to embrace new technologies.
-
Cisco NSS2000 reviewReviews The NSS family signals Cisco’s moves into the SMB network storage market. In this review we find out whether the NSS2000 has what it takes to stand up to the established names.
