Half of UK firms hit by cyber incident in past year
Written by Deborah Ritchie
New statistics show businesses across the UK are being targeted by cyber criminals every day and the scale and size of the threat is growing.
The government’s latest study of cyber preparedness among UK companies suggests that nearly seven in ten large businesses identified a breach or attack in the past year, and puts the average cost to large businesses of all breaches over the period at £20,000 and in some cases millions.
The Cyber Security Breaches Survey 2017 also shows businesses holding electronic personal data on customers were much more likely to suffer cyber breaches than those that do not (51% compared with 37%).
According to the study, released today, the most common breaches or attacks were via fraudulent emails, followed by viruses and malware or ransomware. Businesses also identified these common breaches as their single most disruptive breach, and the vast majority of them could have been prevented.
CEO of the National Cyber Security Centre, Ciaran Martin, said UK businesses must treat cyber security as a top priority if they want to take advantage of the opportunities offered by the UK’s vibrant digital economy. “The majority of successful cyber attacks are not that sophisticated but can cause serious commercial damage," he said. "By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities."
Government has committed to investing £1.9bn to protect the nation from cyber attacks, and is urging businesses to play their part in protecting data, and offers free advice, online training and Cyber Essentials and Cyber Aware schemes.
All businesses that hold personal data will have to make sure they are compliant with the new General Data Protection Regulation (GDPR) legislation from May 2018.
Cyber security preparedness: Headline findings (Source: The Cyber Security Breaches Survey 2017)
-Of the businesses which identified a breach or attack, almost a quarter had a temporary loss of files, a fifth had software or systems corrupted, one in ten lost access to third party systems they rely on, and one in ten had their website taken down or slowed.
-Firms are increasingly concerned about data protection, with the need to protect customer data cited as the top reason for investing by half of all firms who spend money on cyber security measures.
-Following a number of high profile cyber attacks, businesses are taking the threat seriously, with three quarters of all firms saying cyber security is a high priority for senior managers and directors; nine in ten businesses regularly update their software and malware protection; and two thirds of businesses invest money in cyber security measures.
-Small businesses can also be hit particularly hard by attacks, with nearly one in five taking a day or more to recover from their most disruptive breach.
-Areas in which industry could do more to protect itself include around guidance on acceptably strong passwords (only seven in ten firms currently do this), formal policies on managing cyber security risk (only one third of firms), cyber security training (only one in five firms), and planning for an attack with a cyber security incident management plan (only one in ten firms).