The Government and industry leaders in cyber security want to make the country the safest place to do business in the digital world. Today, cyber threats pose one of the biggest dangers to the economy and businesses are being urged to take action to protect themselves.
THE LATEST ANNUAL CYBER SECURITY SURVEY, conducted in 2015 on behalf of the UK Government by consultancy firm PwC, draws a startling picture of the threat businesses large and small are facing. In this article, Business Talk provides the top line results of the survey of nearly 700 businesses, 50% of which were SMEs.
Rising security breaches
In the last year, 90% of large organisations and 74% of small businesses (up to 500 employees) experienced a security breach, an increase from 81% and 60% respectively on the year before. 59% of organisations which responded to the survey expect additional security issues in the coming year.
The survey showed that larger corporations are prone to more frequent and more severe breaches, but that smaller businesses are increasingly susceptible to malicious security breaches as shown in the chart.
Additionally, although the average number of breaches individual smaller businesses suffered dropped from six breaches down to four, the combined number of breaches has increased. This shows that cyber attackers are spreading their assaults to find more unprepared businesses, with these typically being smaller companies.
The cost of a security breach
Even though small businesses don’t experience as severe or frequent breaches, the breaches they do experience can have a much harsher impact on the business’ bottom line. For small businesses the survey revealed that most serious breach cost between £75k and £311k. The larger an organisation is, the greater the risk of a breach and the higher the associated cost becomes.
Cyber-attacks can also have a severe impact on a company’s reputation. For smaller businesses the survey showed a significant increase in adverse media coverage.
Emerging cyber defence trends
Almost every type of business experiences some form of a security breach, the majority of which have the potential to do untold harm. Positively, over recent years, businesses have shifted their focus to protecting their business and information precious to them by recognising that a cyberattack is now more likely to happen than not.
The survey revealed that smaller organisations reported a 44% increase in cyber security spend over the previous year. However, it also reported that very few businesses had implemented the UK Government’s Cyber Essentials scheme (see following article for more on this) with over half having no current plans to deploy it – probably due to a lack of awareness of its existence.
Among many businesses, there has been a growing trend in outsourcing a portion of their security functions to protect customer information and organisational reputation, including through the use of cloud computing and storage.
Knowledge is security
For businesses that are not knowledgeable about cyber security, it unfortunately often takes a detrimental security breach to recognise the risks involved. Based on the responses to the survey, most business only take appropriate actions to properly secure their IT systems, customer information and organisational reputation after they have incurred some form of attack.
The largest change (50% of affected businesses) was an increase in cyber security training for staff, followed closely by changes to configurations of existing systems (47%) and to company policies and procedures (39%).
For businesses that want to defend against a cyber-attack, staff must be properly trained in cyber security to understand the risks, be equipped to identify them and take appropriate action. At the same time, it’s essential to put in place the correct systems and configurations, as well as clear policies to protect the business from the growing menace of cyber-attacks.
In our next article, Business Talk explains how the UK Government’s recently launched Cyber Essentials scheme can provide the driving force and framework for organisations to put in place the protection needed in today’s interconnected world.