Businesses need to “get real” about cyber security warns the Institute of Directors

Businesses are not taking cyber security seriously enough, the Institute of Directors (IoD) has warned, with under a third (28%) of cyber attacks being reported to the police. In a new report entitled Cyber Security: Underpinning The Digital Economy, which is supported by Barclays, the IoD reveals that companies are keeping quiet even though half (49%) of attacks have resulted in the interruption of business operations. The scale of the threat should not be underestimated, the business group has added, with over seven in ten companies stating they had been sent bogus invoices via e-mail.

The survey* of nearly 1,000 IoD members shows a worrying gap between awareness of the risks and business preparedness. While nine in ten (91%) business leaders said that cyber security was important, only around half (57%) had a formal strategy in place to protect themselves, while just a fifth (20%) held insurance against an attack.

Official efforts to tackle cyber crime seem to be failing to get through to businesses, with nearly seven in ten (68%) IoD members never having heard of Action Fraud Aware, the UK’s national Reporting Centre for Fraud and Internet Crime.

The growing threat of breaches will create a ‘cyber paradox’, the IoD has suggested, meaning that although business will increasingly take place online, firms will no longer feel confident in the encryption protecting sensitive information when it’s transferred. This could lead to companies going back in time, and resorting to old-fashioned methods for sending important data.

Significant business challenge

Professor Richard Benham, author of the report, said: “Cyber crime is one of the biggest business challenges of our generation. Companies need to get real about the financial and reputational damage it can inflict. The spate of recent high-profile attacks has spooked employers of all sizes. It’s now vital to turn this awareness into action. Customers and partners expect the businesses they deal with to get it right.”

Professor Benham continued: “As attacks become more prevalent and increasingly sophisticated, businesses need to defend themselves, know how to limit damage and be ready to respond quickly and comprehensively when the inevitable happens. No shop-owner would think twice about phoning the police if they were broken into yet, for some reason, businesses don’t seem to think a cyber breach warrants the same response.”

He concluded: “Our report shows that cyber must stop being treated as the domain of the IT Department and should be a Boardroom priority. Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance.”

Adam Rowse, head of business banking at Barclays, commented: “Businesses must recognise the threat that cyber crime can pose to them, their reputation and subsequently their bottom line. With the number of customers going online rapidly rising, the issue of cyber security has never been more important. Companies need to consider cyber security as being as critical to their business operation as cost or cash flow.”

Rowse went on to state: “Some of the actions that businesses can take to ‘get cyber smart’ include creating a cyber security strategy, raising awareness among staff of the common cons used to commit cyber crime, installing software that keeps them and their customers’ details safe and making sure that all software’s up-to-date.”

Barclays’ collaboration with the IoD is part of the bank’s commitment to raise awareness among the general public of the importance of cyber security and the impact of cyber crime. Earlier this year, the Government announced that the bank would be a part of the UK’s new joint Fraud Task Force. From April onwards, Barclays will host a series of events specifically for businesses providing guidance on how they can protect themselves from cyber crime.

Further information on how to be ‘cyber smart’ can be found at:

*Responses were received from 980 IoD members between 9 and 24 December 2015

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts