A worrying number of UK businesses are still in the dark when it comes to matters of cyber security, a survey report has revealed today.
The report, commissioned by the Institute of Directors polled over 845 members and findings are both encouraging and worrying. While 95 percent consider cyber security to be very or quite important to their business, almost 45 percent have no formal cyber security strategy. Only 44 percent laid on cyber awareness training, and quite a few leave gaps of more than a year between their training programmes.
Perhaps most startling is the fact that in the event of a cyber attack, almost 40 percent wouldn’t know who to contact. And these are business leaders. Referring to the report, Matt Hancock, Minister for Digital and Culture said: ‘We know the scale of the threat is significant: one in three small firms, and 65% of large businesses are known to have, experienced a cyber breach or attack in the past year. Of those large firms breached, a quarter were known to have been attacked at least once per month.’
While IoD members are aware of the threat presented by cyber crime, particularly on mobile and tablets. But just over half have protected all of their devices, and less than a third use virtual private networks (VPNs). ‘With threats evolving all the time, and demanding new regulations just around the corner, we cannot afford another year of complacency from business. Now is the time for firms to test their defences and make sure all of their employees, including management, have the right skills and knowledge on cyber security. This isn’t an IT issue, it’s a business survival issue,’ said Stephen Martin, Director General of the Institute of Directors.
The Cyber Readiness Report 2017 by Hiscox reported that the average estimated cost of a cyber attack was as much as £25,000 for a firm with fewer than 100 employees, rising to £53,000 for large firms with more than 2,250 employees and so the government is determined to tackle cyber crime.
They are suggesting Boardroom responsibility taking, regular cyber awareness training (atleast once a year) and attack simulations for their directors and staff, to make sure security systems are robust. So, while two-thirds have taken government advice to use a variety of different passwords and a similar number use cloud software, just 73 percent have a process in place when receiving invoices and requests for electronic payments to verify their legitimacy.