“Three quarters of companies feel secure from digital threats” states TalkTalk Business White Paper

Increasingly, businesses are moving critical infrastructure online, making it more vulnerable to digital threats, but despite this, a new study carried out by TalkTalk has shown that, even though there has been an increased concern over cyber security across the last year, and an elevated spend on this area, there’s still a high degree of complacency, with few common practices observed in response to the threat posed.

The Cyber Security White Paper finds that, while 87% of businesses reported having some form of continuity plan in place, fewer than half of organisations have secure practice guidelines to ensure employees know how to keep the business safe. One of the biggest problems when it comes to cyber security in British businesses is not that there are no measures in place, but that they’re inconsistently applied and often not reinforced. Nearly 90% of respondents reported having a plan in place for when a data breach occurs, but only 56% of respondents believe they’re secure when it comes to digital threats, while 52% of businesses still don’t have any secure practice guidelines organised.

Overall, 86% of respondents believe they’re doing enough to mitigate the impact of cyber attacks. Most respondents still think it’s enough to have the IT or Security Department involved in mitigating the effect of cyber attacks, with 33% considering the IT Department as being solely responsible for handling security threats.

In addition, almost two thirds of interviewees stated that cyber security isn’t their department’s responsibility. While over three quarters of businesses have a Board of Directors that’s involved in assessing cyber security preparedness, only 25% have a dedicated security executive in place.

The Cyber Resilience Report, recently published by the Business Continuity Institute (BCI) revealed that two-thirds of organisations experienced a cyber security incident during the previous year and 15% of them at least ten. This shows the cyber threat is very real and that organisations must take it seriously. That process begins by making sure resources are available to combat the threat. Such is the level of the threat that cyber attacks and data breaches were identified as the top two concerns by business continuity professionals in the BCI’s Horizon Scan Report.

Kristine Olson-Chapman, general manager at TalkTalk Business, said: “For us, cyber security is no longer just a technology issue. Rather, it’s a business issue for the whole company. Any business that has ever experienced a cyber attack will tell you that they never expected it, even with all the processes in place. Businesses need to ask themselves what they need to do now to plan and prepare.”

Windsor Holden, head of forecasting and consultancy at Juniper Research, commented: “Cyber security is a big concern for businesses of all sizes. An attack episode could cost millions of pounds in lost data, reputation, time and customers. Yet our study shows that businesses believe they’re far more secure than they really are. While no business can be completely safe nowadays, there are steps that companies can take to ensure they are as secure as possible, and that they’re able to recover quickly in the event of a cyber attack taking place.”

SMEs waken to cyber risks and reputational damage

The risks posed by cyber attacks and reputational damage are increasingly worrying small and medium-sized enterprises. That’s according to the third annual global SME survey conducted by the Zurich Insurance Group. Among respondents, concerns about cyber crime have almost tripled since 2013 (11% versus 4%), while worries over reputational damage have also increased (14% versus 8% three years ago). Globally, SMEs’ risk awareness increased over the past years as only 7% don’t see any risks for their business in 2016.

European SMEs’ awareness and perception of various types of risk have increased since the survey started in 2013. Concerns about cyber crime tripled among European SMEs (12% versus 4%), while the perceived risk of reputational damage doubled (14% versus 7%). Concerns about fire risk also increased two-fold (10% today versus 5%).

Perceived risks in Latin America differ significantly from those in other regions. Since 2013, concerns about natural catastrophes have almost tripled (14% versus 5%). Worries about the risks of damage to corporate transport – including corporate fleets and vehicles – have more than doubled (13% versus 5%). On the positive side, confidence in partners and suppliers has increased (12% see risks here, as opposed to 23% back in 2013).

SMEs in the Asia Pacific zone are worried about fire, cyber crime, technological vulnerabilities, the Health and Safety of customers or employees and corruption, instances of which have almost doubled. However, the fastest-growing concern is the threat of reputational damage, which rose to a level of 12% from just 2%.

In the US, risk awareness has risen right across the board. Interestingly, technology failures and vulnerabilities feature among the top three risks in the States. This is significantly higher than for the other regions surveyed. The SMEs’ concerns over risks of theft (18% versus 9%) and damage related to corporate transport (14% versus 6%) are also roughly doubled.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts