One third (32%) of UK firms were victims of data theft in the last 12 months, which is higher than the global average of 29%, according to a recent report by risk consultancy Kroll. The study also revealed that two thirds (66%) of UK firms view large-scale, coordinated cyberattacks as a significant future business risk, but despite this fear, almost a quarter (23%) do not have confidence in their cyber security controls, and 30% don’t feel their risk management processes are effective.

Kroll’s Global Fraud and Risk Report, compiled using research by Forrester consulting, suggests that there is much work to be done by organisations, especially against a backdrop of strict penalties for failing to adequately protect data under the EU’s General Data Protection Regulation (GDPR) and country-specific legislation like the UK’s Data Protection Act.

Andrew Beckett, managing director of cyber risk at Kroll, said: “Amid increasingly strict data protection regulations, controls on client information can no longer be relegated to ‘checking a box’. Instead, they must be part of a robust cyber security program, considered in every business process and their importance understood by every employee.

“Organisations need to set data protection and cyber security priorities by looking inward to identify areas most at risk, and implement plans to respond efficiently in case of a breach in a manner that follows applicable legislative, regulatory and best practice requirements.

“Cyber security and data protection pose systemic challenges to many organisations, with the boundaries shifting constantly. It requires an ongoing commitment to implement and continuously test as cyber incidents are no longer a question of if, but when.”

Share Story: