Industry Security Breach
How much is your business willing to spend on cyber security?
Businesses large and small are being urged to protect themselves against cyber-crime after new government statistics discovered nearly half of all UK businesses have suffered a cyber breach or attack in the past 12 months. These figures have risen to two-thirds among medium sized businesses (66%) and large businesses (68%.) In fact, the Cyber Security Breaches Survey 2017 has revealed nearly 7 in 10 businesses identified a breach on some level, with firms holding personal data, more likely to face an attack (51%); compared to 37% of businesses who do not hold personal data.
The most common attacks experienced by businesses were made through fraudulent emails (72%), followed by viruses, spyware and malware (33%.) A further quarter suffered temporary loss of files, whilst one fifth had software or systems corrupted. 1 in 10 lost access to third party systems they rely on, and 1 in 10 had their website taken down or significantly slowed.
The recent statistics prove that businesses across the UK are being targeted and, in 2017, the size and scale of the threat appears to be growing. Subsequently, the government has committed to investing £1.9billion to protect the nation from cyber-attacks and will offer free advice, online training and cyber awareness schemes.
Certainly, a clear majority of these attacks could be prevented by utilising a government-backed, industry supported scheme such as Cyber Essentials; a source of expert guidance showcasing how to protect against outside threats. But it isn’t just down to the government: businesses need to be proactive in protecting their data too.
Per gov.uk, the areas where industries could do more to protect themselves include guidance on strong passwords (7 in 10 firms currently do this), formal policies on managing cyber security risk (a third of firms do this), cyber security training (as little as 1 in 5 firms do this) and planning for an attack with a cyber security incident management plan (just 1 in 10 firms adhere to this.) Subsequently, three in five (58%) businesses have sought information, advice or guidance on the cyber security threats facing their organisations over the past year.
Ciaran Martin, CEO of the National Cyber Security Centre adds: “Most successful cyber-attacks are not that sophisticated, but can cause serious commercial damage. By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities.”
Is your CEO taking cyber security seriously?
Per research carried out by PwC, 76% of UK CEO’s believe cyber risks to be a significant threat to business in 2017. Consequently, 97% of British CEO’s are currently addressing possible cyber breaches in their organisation; far higher than the global average figure of 90%.
The findings – based on a research sample of 1,379 global leaders, including 126 UK CEO’s – show UK leaders are significantly more concerned about cyber threats than many of their global peers (UK 76%; global 61%) who do not consider cyber security breaches to be a heightened threat to business.
Richard Home, UK cyber security partner at PwC comments: “Most business boards now recognise that cyber security is a complex risk that requires their attention. The most successful leaders will be those who define a comprehensive, broad approach to governing cyber security.
How much will your industry spend on cyber security?
Over the past year, most businesses (67%) have spent money on their cyber security, which tends to be far higher among medium firms (87%) and large firms (91%.) With this in mind, Reboot Online Marketing decided to analyse exactly how much each UK industry is willing to spend on their cyber security measurements:
From the data, it is evident spending is higher within sectors that consider cyber security a high priority; such as in information, communications and utilities, or finance and insurance. Certainly, the use of data is far more prevalent in these industries and therefore it is paramount not to cut costs.
However, there is an anomaly in concern to education, health and social care – which has the 2nd lowest spend for cyber security. Considering this industry is data heavy, it is surprising to see an incredibly low spend – and may highlight what needs to be done in the future to sufficiently safeguard personal data.
Reboot Online also decided to consider the main reasons businesses choose to invest in cyber security, by selecting the top 10 responses made by 930 businesses across the UK.
Understandably, it seems businesses are most concerned with the protection of customer data (51%) and the loss of high-value assets, such as trade secrets, intellectual property and cash (28%.) The prevention of fraud or theft (17%) and the protection of reputation or brand (10%) were comparatively lower.
Areas of least concern were complying with laws and regulations (7%), the protection of staff and systems (4%) and improving overall efficiency of the business (4%), indicating a definite disparity between business factors and how much each means to – or may cost – a company to rectify.
7 cyber security tips to consider
To aid businesses in how they move forward with their security, PwC have constructed 7 key principles to adopt; to assist both businesses and investors in governance of cyber security.
- To have a real understanding of exposure
- To have appropriate capability and resource dedicated to cyber security
- To adopt a holistic framework and approach, including meaningful measurement
- To submit to independent review and test
- To have sufficient incident preparedness and a track record of identifying, responding to, and learning from, incidents
- To have a considered approach to legal and regulatory environments for cyber security
- To make an active community contribution, sharing information with others in the industry