Two Norfolk firms have lost tens of thousands of pounds to cyber criminals.

Norwich Evening News: Internet security specialist David Higgins at his Hanworth home. Photo by Mark BullimoreInternet security specialist David Higgins at his Hanworth home. Photo by Mark Bullimore (Image: Archant Norfolk 2015)

A small company in Norfolk, which wished to remain anonymous, was forced to pay a 100 bitcoin ransom (£45,000) after the accounts department received an email from a 'customer' asking for a refund.

After clicking on a link, it downloaded software which encrypted their files, and the firm was forced to pay before it was reversed.

A further multi-national company, based in Norwich, was caught out by a hacker who managed to persuade one of its finance managers to transfer $18,000 (£12,700) to a bank in Germany.

Neither cases were reported to the police, and neither business has had any money returned.

Paul Maskall, cyber security adviser for the Norfolk and Suffolk Cyber Crime Unit, said the threat of cyber crime was 'always present', adding: 'Unfortunately it is indiscriminate and can affect anyone no matter who or what you are.'

But with stigma still attached to cyber attacks, 80pc of crimes are not reported. Mr Maskall said it was 'impossible to quantify' the number of attacks over the last year, but added 90pc of cybercrime begins with a lack of education and involved human actions, such as opening a suspicious email or attachment.

'In reality, one cyber attack can completely decimate a business,' he said. 'You could have all your capital completely removed from your bank as a result of poor information hygiene.'

Businesses have now been given two years to prepare for the biggest shake up of data protection law for 20 years, or face a £15m fine.

New regulations, aimed to give people more control over their personal data, mean organisations will need to ramp up their cyber security and report data breaches to the authorities.

The new law, the EU General Data Protection Regulation, was outlined in May, and will come into force in May 2018.

Businesses who fall foul of the regulations will face fines of up to £15m or 4% of turnover, whichever is higher.

It comes as new figures from the Federation of Small Businesses reveal there were seven million attacks against small and medium sized-businesses in the UK last year.

But the new regulations hope to offer greater protection.

David Higgins, founder of north Norfolk-based digital security company 4ITSec, said: 'Although the deadline may seem far off now, it will most certainly creep up on us, with devastating consequences for those who failed to take heed.

'For many, this process of adaptation will be difficult, time-consuming and costly, so it would be a good idea to start making mapping out future-proof strategies.'