Security is a big deal for our homes and businesses. Locks, alarms, motion sensors and security lights all play a key role in protecting our property. However, in the modern high-tech world, the reality is that a business is far more likely to suffer a cyber attack than it is to be a victim of a robbery. This has been highlighted by several high-profile database hacks over the last few years, such as those at Yahoo, TalkTalk, Tesco Bank and dating website Ashley Madison.
New government research has shown that, in the past year, nearly half of businesses in the UK have experienced a cyber attack – rising to two-thirds among medium and large companies (which are categorised by having at least 100 staff).
These attacks ranged from fraudulent emails (the most common type of attack) to viruses, spyware and malware, and resulted not only in financial consequences but also in loss of confidence, reputation and productivity. Worryingly, of the 1,500 businesses surveyed, a significant number still did not have basic protections in place, did not have any formal policy on cyber security, or had not assigned a senior member of staff to be responsible.
This is a worrying statistic. Business owners wouldn’t dream of leaving their premises unlocked at night, or not bothering to turn on the burglar alarm, yet many are essentially doing the cyber equivalent.
Interestingly, however, the government survey also revealed that nearly three-quarters of businesses place cyber security as a high-priority issue – indicating that perhaps many companies want to do something to increase security but are not sure of the best way to go about it. For example, it would be easy to tell someone not to open any emails from an unknown source, but very few businesses could run efficiently if they did that.
Whereas organisations such as banks, financial institutions and law enforcement agencies will deal with cyber security breaches via in-house expertise, most other businesses are reliant on outside IT providers to resolve issues after an attack.
It’s a topic that is moving rapidly into focus for UK businesses. Not only is the threat of an attack greater than ever, but next year an extension to data protection regulations will come into force, increasing a firm’s responsibilities for data protection, with greater penalties imposed for failure to adopt the appropriate protection.
It is vital that businesses have a clear path to follow with regard to adopting the correct protection and where and how to report attacks, and it’s here that government and the police could provide more guidance on the options open to companies that have suffered a breach. It is thought that the figures released could be quite a large underestimate, as many firms may not even know they’ve been hit, and most of those that do only report it to their security provider, due to a lack of awareness of who to report such events to – highlighting the need for clarification on reporting and response procedures.
Commenting on the fight against cyber security threats, Ciaran Martin, Chief Executive of the National Cyber Security Centre, whilst stressing the importance of cyber security as a top priority, also highlighted that most cyber attacks were not that sophisticated and that, by getting the basics right, businesses can protect their reputation, finances and operating capability.