Businesses large and small are being urged to protect themselves against cyber crime in the wake of new Government statistics stating that nearly half of all UK businesses have suffered a cyber breach or attack episode in the past 12 months.
The Cyber Security Breaches Survey 2017 reveals nearly seven-in-ten large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the period being £20,000 and, in some cases, reaching millions. The survey also shows businesses holding electronic personal data on customers are much more likely to suffer cyber breaches than those that don’t (51% compared to 37%).
The most common breaches or attacks are via fraudulent e-mails (for example, coaxing staff into revealing passwords or financial information or opening dangerous attachments) followed by viruses and malware, such as people impersonating the organisation online and ransomware.
Businesses also identified these common breaches as their single most disruptive breach. The majority of them could have been prevented by using the Government-backed, industry supported Cyber Essentials scheme, a source of expert guidance showing how to protect against these threats.
These new statistics show businesses across the UK are being targeted by cyber criminals every day and the scale and size of the threat is growing, which risks damaging profits and customer confidence.
The Government has committed to investing £1.9 billion to protect the nation from cyber attacks to help make the UK the safest place in which to live and do business online.
Business also has a role to play in protecting customer data. For its part, the Government offers free advice, online training and Cyber Essentials and Cyber Aware schemes.
Concerned about data protection
Of the businesses which identified a breach or attack, almost a quarter had a temporary loss of files, a fifth had software or systems corrupted, one-in-ten lost access to third party systems upon which they rely and the same number had their website taken down or slowed.
Firms are increasingly concerned about data protection, with the need to protect customer data cited as the top reason for investing by half of all firms who spend money on cyber security measures.
Following a number of high-profile cyber attacks, businesses are taking the threat seriously, with three quarters of all firms saying cyber security is a high priority for senior managers and directors. Nine in every ten businesses regularly update their software and malware protection, while two thirds invest money in cyber security measures.
Small businesses can also be hit particularly hard by attacks, with nearly one-in-five taking a day or more to recover from their most disruptive breach.
Areas where industry could do more to protect itself include around guidance on acceptably strong passwords (only seven-in-ten firms currently do this), formal policies on managing cyber security risk (only one third of firms), cyber security training (only one-in-five firms) and planning for an attack with a cyber security incident management plan (only one-in-ten firms).
General Data Protection Regulation
All businesses which hold personal data will have to make sure they are compliant with the new European Union General Data Protection Regulation (GDPR) legislation from May 2018. This will strengthen the right to data protection, which is a fundamental right, and allow individuals to have trust when they give their personal data.
The Cyber Breaches Survey is part of the Government’s five-year National Cyber Security Strategy aimed at transforming the country’s cyber security and protecting the UK online. As part of the strategy, the Government recently opened the new National Cyber Security Centre, itself a part of GCHQ. One of the key objectives of the National Cyber Security Centre is to increase the UK’s cyber space resilience by working with and providing advice tailored to organisations and businesses in every sector of the UK economy and society.
Ciaran Martin, CEO of the National Cyber Security Centre, said: “UK businesses must treat cyber security as a top priority if they want to take advantage of the opportunities offered by the UK’s vibrant digital economy. The majority of successful cyber attacks are not that sophisticated, but can cause serious commercial damage. By making sure their basic defences right, businesses of every size can protect their reputation, finances and operating capabilities.”