Businesses are being urged to protect themselves against cyber crime after Government statistics found nearly half of all UK businesses suffered a cyber breach or attack in the past 12 months. The Cyber Security Breaches Survey 2017 reveals nearly seven in ten large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the period being £20,000 and in some cases reaching millions. The survey also shows businesses holding electronic personal data on customers were much more likely to suffer cyber breaches than those that do not (51% compared with 37%).
The most common breaches or attacks were via fraudulent emails – for example coaxing staff into revealing passwords or financial information, or opening dangerous attachments – followed by viruses and malware, such as people impersonating the organisation online and ransomware. Businesses also identified these common breaches as their single most disruptive breach, and the Government said the vast majority of them could have been prevented using its industry supported Cyber Essentials scheme, a source of expert guidance showing how to protect against these threats. The Government has committed to investing £1.9bn to protect the nation from cyber attacks.
It said industry could do more to protect itself by providing guidance on acceptably strong passwords (only seven in ten firms currently do this), formal policies on managing cyber security risk (only one third of firms), cyber security training (only one in five firms), and planning for an attack with a cyber security incident management plan (only one in ten firms). All businesses which hold personal data will have to make sure they are compliant with the new General Data Protection Regulation (GDPR) legislation from May 2018. This will strengthen the right to data protection, which is a fundamental right, and allow individuals to have trust when they give their personal data.
The Cyber Breaches Survey is part of the Government’s five-year National Cyber Security Strategy to transform this country’s cyber security. As part of the strategy, the Government recently opened the new National Cyber Security Centre (NCSC), a part of GCHQ. One of the key objectives of the NCSC is to increase the UK’s cyberspace resilience by working with and providing expert advice tailored to organisations and businesses in every sector of the UK economy and society.
“UK businesses must treat cyber security as a top priority if they want to take advantage of the opportunities offered by the UK’s vibrant digital economy,” said NCSC chief executive Ciaran Martin. “The majority of successful cyber attacks are not that sophisticated but can cause serious commercial damage. By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities.”