Cyber-crime is now run as a business yet many firms are burying their heads in the sand, according to experts.

There has been an increase in reported cyber-attacks, with the WannaCry malware targeting companies and organisations around the world.

Gary Hibberd, managing director at Wakefield-based cyber security business Agenci, said cyber firms are having to work harder than ever to stay one step ahead of cyber terrorists.

“We’ve got to recognise that cyber-crime is a business, it’s crime as a service and hackers and cyber criminals have productised their tools,” he told BusinessCloud.

READ MORE: Cyber security 'as important as physical security'

Gary Hibberd

“I was at a conference where a detective inspector said that 50 per cent of all crime now has a cyber aspect to it.

“That could be cyber-crime as we know it right up to a burglar who uses Facebook to identify people who are going on holiday and then uses Google to look at a street to see where the access points of a house are.”

Andrew Stellakis, the managing director of IT specialist Q2Q, says cyber terrorists are having a “field day” caused by the uncertainty around Brexit.

Among the bad practices Stellakis has witnessed is a chief executive who didn’t want to keep changing his password every four weeks to access the company network.

“He didn’t like the idea of remembering a complex password so he was the exception to the company policy,” he said.

READ MORE: Half of small businesses 'unprepared' for cyber attack


“I told him that by using his user name and password – both of which I guessed – I could access company data.

“That company wouldn’t stand a chance in court because nobody could say they were taking fair steps to protect themselves.”

Hibberd says the key for the industry is being agile enough to adjust to new threats.

“A business has to constantly be looking in every direction for when and how an attack might come, whereas a cyber-criminal has to find just one chink in your armour,” he added.

“There’s no such thing as 100 per cent secure but you need to put precautions in place, as you’d put locks and an alarm on your home.”

One business Agenci worked with refused to have their system automatically lock because they didn’t want to waste time re-entering passwords. “That made me shake my head in disbelief,” he said.

“People also don’t have a grasp of where their data sits. One company held data about children and school leavers, but when I asked where that data was, they didn’t know what that meant.”