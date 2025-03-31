Cyber criminals widen the net to target tradespeople

News
By published

Almost 60% of traders have suffered a cyber attack, research shows

A mechanic in a garage cleaning her hands with a blue cloth
(Image credit: Getty Images)

Tradespeople are being warned to take the potential of cyber attacks more seriously after new research showed almost two-thirds had fallen victim to at least one successful attempt in the past.

Commercial insurer NFU Mutual surveyed 500 tradespeople in the UK at the beginning of January 2025. Of the 61% who said they had been a victim of cyber crime in the past, 12% had customer information stolen.

The most common form of successful attack was phishing, with 20% of respondents having fallen for this type of scam. This was followed by 14% who said they had found malware or viruses installed on their computers.

Despite all this, and with 13% of respondents saying they had been targeted in the past 12 months, nearly a quarter (22%) said they were either not very concerned or not concerned at all about cyber crime in their industry. By contrast, only 25% said they were very concerned.

In response, NFU Mutual has urged trades people to reconsider their attitude to this threat.

“Tradespeople are often sole traders or small businesses so may not have the technology or protection in place against these types of attacks and that makes them a prime target,” said Nick Baker, the insurer’s cyber specialist.

"Using digital devices for payments, customer information or supplier details can all be vulnerable, so it is essential to take action against cyber risk, ensuring adequate insurance cover is in place and taking some simple, but effective, steps to try and mitigate this."

The company also highlighted the vulnerability of internet-connected devices such as CCTV and lighting, which can be used to access the corporate network or be recruited into a botnet if not properly secured.

NFU Mutual recommended that tradespeople implement some simple steps to secure their data and devices, including implementing two-factor authentication (2FA), using a firewall, strong passwords, and changing factory set passwords on hardware like routers or IoT devices.

It also recommended creating a business continuity plan (BCP), which should lay out the necessary steps to be taken in the event of a cyber incident, as well as a list of contact details for important people needed in a recovery effort. These could include IT contractors or vendors, insurers, and legal representatives.

Phishing on the rise

It’s not just tradespeople who are concerned about phishing. Research carried out for ITPro’s Future Focus 2025 report found that IT decision makers in large enterprises also consider phishing to be the main threat to their business – overtaking ransomware as their biggest area of concern. Research from analysts Gartner in May 2024 identified the emerging field of AI-enhanced phishing attacks as a new front and major area of concern for large businesses.

Smaller organizations and sole traders can also take a lesson from the recent experience of security expert Troy Hunt, whose email database was stolen in a phishing attack. Hunt was distracted and tired – a feeling probably familiar to many – and fell for a simple scam that seemed at first to be a legitimate customer service contact from his email provider.

Commenting on the attack against Hunt, Aditi Gupta, principal security consultant at Black Duck, said: “This recent phishing attack further highlights that, in the end, we are all humans, and sophisticated phishing attacks could get the best of us."

MORE FROM ITPRO

TOPICS
Jane McCallion
Jane McCallion
Managing Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.

More about security
Red Ubuntu logo appearing on a web browser with a microscope over the logo, placing emphasis on it

Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions
Gold lock floating above a digitally rendered motherboard with blue and red glowing hues, denoting ransomware

Security researchers hack BlackLock ransomware gang in push back against rising threat actor
The words &#039;Harnessing unstructured data to fuel AI&#039; against a purple background and dissolving squares arranges in a circle to represent unstructured data. The words &#039;fuel AI&#039; are yellow and the others are white. In the bottom left corner the Nasuni logo is shown and in the bottom right corner, the ITPro Podcast is shown.

Harnessing unstructured data to fuel AI
See more latest
Most Popular
Red Ubuntu logo appearing on a web browser with a microscope over the logo, placing emphasis on it
Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions
Gold lock floating above a digitally rendered motherboard with blue and red glowing hues, denoting ransomware
Security researchers hack BlackLock ransomware gang in push back against rising threat actor
A busy customer service desk
Omnissa eyes growth with revamped partner program
Female software developer using AI coding tools on a desktop computer with light from screen reflecting in spectacles.
Developers spend 17 hours a week on security — but don't consider it a top priority
A close-up of a digital dashboard showing stock market graphs overlaid onto a world map.
Financial services firms look to AI to improve resilience
Male software engineer working on a laptop at a home office desk with two PC monitors sitting on top of desk.
‘This shift highlights not just a continuation but a broad acceptance of remote work as the norm’: Software engineers are sticking with remote work and refusing to budge on RTO mandates – and 21% would quit if forced back to the office
Ransomware concept image showing a warning symbol in red with binary code in background.
Healthcare systems are rife with exploits — and ransomware gangs have noticed
Application security concept image showing a digitized padlock placed upon a digital platform.
ESET looks to ‘empower’ partners with cybersecurity portfolio updates
Databricks logo and branding pictured on a MacBook Pro screen.
Databricks and Anthropic are teaming up on agentic AI development – here’s what it means for customers
Dell Technologies logo and branding pictured at the company&#039;s stall at Mobile World Congress (MWC) in Barcelona, Spain.
Scale of Dell job cuts laid bare as firm sheds 10% of staff in a year