Hacking attacks on businesses happen in the virtual world, but how would they play out in the real world?

Hiscox partnered with British bicycle manufacturer Brompton to show in a tangible way the damage cyberattacks can cause to a business in an imaginative marketing stunt for its own cyberinsurance offering.

The Bermudian-based insurer and re/insurer mimiced the effects of a cyberattack by creating a clone of Brompton’s store in Shoreditch, East London, right across the road from its real one, all done overnight.

Hiscox hired lookalike staff to work in the fake store and stocked the shelves with counterfeit merchandise.

It then illustrated the effects of a ransomware attack, by boarding up the real store and displaying a ransom note demanding cryptocurrency in exchange for re-entry.

A denial-of-service attack was simulated with flooding the real store with a large crowd of fake customers, overwhelming staff.

Genuine stock deliveries were diverted to the fake “3rompton” store, highlighting the potential effects of a phishing scam.

Hiscox claims that one in three UK small businesses have suffered a cyberbreach.

Robert Hannigan, special adviser to Hiscox, said: “Cybercrime is one of the biggest security risks facing businesses today but many aren’t taking it seriously and many more are underprepared.

“It’s a less tangible risk than burglary or a fire which can make it hard for businesses to grasp, so bringing cybercrime to life with an exercise like this is a useful way of conveying an important message.

“The hacking techniques being simulated such as ransomware and phishing are extremely commonplace and have been for many years. At the same time, new types of cybercrime continue to emerge, which makes staying on top of cybersecurity an ever-evolving challenge.”

James Brady, head of cyber at Hiscox, said: “The frequency and severity of cyberattacks on UK businesses is alarming. Cyber criminals are swift, sophisticated and consider businesses of all shapes and sizes worthy targets so it’s vital that organisations are both aware of these risks and prepared to manage them.

“Businesses need to take ownership of their cybersecurity and put solid preventive measures in place. Unfortunately attacks will still get through and being prepared for those attacks is critical.”