Increasingly, businesses are moving critical infrastructure online, making it more vulnerable to digital threats, but despite this, a new study carried out by TalkTalk has shown that, even though there has been an increased concern over cyber security across the last year, and an elevated spend on this area, there’s still a high degree of complacency, with few common practices observed in response to the threat posed.
The Cyber Security White Paper finds that, while 87% of businesses reported having some form of continuity plan in place, fewer than half of organisations have secure practice guidelines to ensure employees know how to keep the business safe. One of the biggest problems when it comes to cyber security in British businesses is not that there are no measures in place, but that they’re inconsistently applied and often not reinforced. Nearly 90% of respondents reported having a plan in place for when a data breach occurs, but only 56% of respondents believe they’re secure when it comes to digital threats, while 52% of businesses still don’t have any secure practice guidelines organised.
Overall, 86% of respondents believe they’re doing enough to mitigate the impact of cyber attacks. Most respondents still think it’s enough to have the IT or Security Department involved in mitigating the effect of cyber attacks, with 33% considering the IT Department as being solely responsible for handling security threats.
In addition, almost two thirds of interviewees stated that cyber security isn’t their department’s responsibility. While over three quarters of businesses have a Board of Directors that’s involved in assessing cyber security preparedness, only 25% have a dedicated security executive in place.
The Cyber Resilience Report, recently published by the Business Continuity Institute (BCI) revealed that two-thirds of organisations experienced a cyber security incident during the previous year and 15% of them at least ten. This shows the cyber threat is very real and that organisations must take it seriously. That process begins by making sure resources are available to combat the threat. Such is the level of the threat that cyber attacks and data breaches were identified as the top two concerns by business continuity professionals in the BCI’s Horizon Scan Report.
Kristine Olson-Chapman, general manager at TalkTalk Business, said: “For us, cyber security is no longer just a technology issue. Rather, it’s a business issue for the whole company. Any business that has ever experienced a cyber attack will tell you that they never expected it, even with all the processes in place. Businesses need to ask themselves what they need to do now to plan and prepare.”
Windsor Holden, head of forecasting and consultancy at Juniper Research, commented: “Cyber security is a big concern for businesses of all sizes. An attack episode could cost millions of pounds in lost data, reputation, time and customers. Yet our study shows that businesses believe they’re far more secure than they really are. While no business can be completely safe nowadays, there are steps that companies can take to ensure they are as secure as possible, and that they’re able to recover quickly in the event of a cyber attack taking place.”
SMEs waken to cyber risks and reputational damage
The risks posed by cyber attacks and reputational damage are increasingly worrying small and medium-sized enterprises. That’s according to the third annual global SME survey conducted by the Zurich Insurance Group. Among respondents, concerns about cyber crime have almost tripled since 2013 (11% versus 4%), while worries over reputational damage have also increased (14% versus 8% three years ago). Globally, SMEs’ risk awareness increased over the past years as only 7% don’t see any risks for their business in 2016.
European SMEs’ awareness and perception of various types of risk have increased since the survey started in 2013. Concerns about cyber crime tripled among European SMEs (12% versus 4%), while the perceived risk of reputational damage doubled (14% versus 7%). Concerns about fire risk also increased two-fold (10% today versus 5%).
Perceived risks in Latin America differ significantly from those in other regions. Since 2013, concerns about natural catastrophes have almost tripled (14% versus 5%). Worries about the risks of damage to corporate transport – including corporate fleets and vehicles – have more than doubled (13% versus 5%). On the positive side, confidence in partners and suppliers has increased (12% see risks here, as opposed to 23% back in 2013).
SMEs in the Asia Pacific zone are worried about fire, cyber crime, technological vulnerabilities, the Health and Safety of customers or employees and corruption, instances of which have almost doubled. However, the fastest-growing concern is the threat of reputational damage, which rose to a level of 12% from just 2%.
In the US, risk awareness has risen right across the board. Interestingly, technology failures and vulnerabilities feature among the top three risks in the States. This is significantly higher than for the other regions surveyed. The SMEs’ concerns over risks of theft (18% versus 9%) and damage related to corporate transport (14% versus 6%) are also roughly doubled.