Email and Social Media hacks cost businesses £3.8 Million in the last 12 months

Unsecured social media and email accounts with organisations, such as limited companies, sole traders and charities, reported losing £3.8 million to these crimes to hackers between February 2020 and February 2021.

Alongside The City of London Police, the Cyber Resilience Centre wants to reaffirm the message for you to secure your social media and email accounts. Criminals managed to compromise more than 15,000 accounts in the past year.

The national reporting centre for fraud and cybercrime, Action Fraud received 15,214 reports of email and social media hacking between February 2020 and February 2021 – with 88 per cent of victims being individuals who had their personal accounts compromised by criminals. 23% of victims were aged between 20 and 29.

For organisations, such as limited companies, sole traders and charities, there were significantly fewer reports (1,741 reports of hacking), they reported loses of £3.8 million to these crimes compared to the £283,500 lost by individual victims.

The NFIB's research showed that during the financial year 19/20, Facebook, Instagram and Snapchat were the most reported platforms on which people had their social media accounts compromised.


One business account who saw their Instagram hacked, was extorted for money in order to regain access to the account. The suspect continued to demand more money, despite the business originally paying the first ransomware demand.


When your social media or email accounts are compromised the loss isn’t just financial. Research conducted by the NFIB found that victims said having their account compromised has a significant or severe emotional impact, as intimate photos and private details can be exposed.

How can I protect myself and my business and keep my accounts secure?

  • When did you last update your password? Make sure you are using a strong and separate password to protect your email - Don't use the same password on multiple accounts! Make sure that you're protecting your other important accounts, such as banking or social media.

  • Always enable two-factor authentication (2FA). It really simple to set up and will help you to stop hackers from getting into your online accounts, even if they find your password.

  • Be wary of messages which ask for your login details or authentication codes. Despite some messages appearing genuine or claiming to be from someone you know.

  • Use online support or help pages. If you can't access your account, you'll often find information about how to recover your account.

  • Always report suspicious emails you have received. Please forward scam emails to report@phishing.gov.uk. and suspicious texts you have received but not acted upon to 7726.

What can I do if my account has been compromised?

If you lose access to your account or a hacker has taken control, please follow the NCSC’s guidance on how to recover a compromised account.


If you receive a demand for money, do not pay the suspect so you can regain access to your account. It’s likely that the suspect will demand more money instead of giving you control of your account back.


If you have paid any money, contact your bank immediately and report it to Action Fraud online or call 0300 123 2040 as soon as possible.


Other ongoing scams to watch out for include; Fake Netflix emails, Post Office Scams & COVID-19 vaccine appointments.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.