New study reveals that numerous UK businesses are unprepared for a cyber-attack
Andrew Dalglish explains the potential risk for UK businesses as a result of so many not being prepared for an attack, plus looks at common weaknesses in current cyber-security and how they might be overcome.
Andrew Dalglish, co-founder, Circle Research
Cyber-security breaches can have huge consequences for businesses by damaging their reputation, and the financial implications can be just as devastating. According to government figures released last year, the average cost to a business of a severe online security breach had more than doubled to £1.46million.
A new study from B2B market research company Circle Research, has shown that numerous UK businesses are at high risk of suffering a cyber-attack and many more are not prepared to deal with an attack. A massive 78 percent of UK companies have experienced an increase in cyber-attacks over the last 12 months according to this research, and many senior cyber-security professionals believe that the threat is growing. According to those interviewed, the increasing availability of attack software and a growing sophistication in the approach used by attackers means that businesses must continually update their approach to cyber-security in order to keep data protected.
Of the IT Directors, CIOs, CTOs and Heads of Security that took part in the research, two thirds (64 percent) said that their organisation had experienced a security incident in 2015, whilst 42 percent told researchers that they had experienced more than one incident in the year. But the shocking statistics don't stop there as 13 percent of interviewees said that their oganisation had been a victim to more than 10 separate security incidents over the last year.
There are four main threats to a business: phishing (experienced by 57 percent), Trojans (experienced by 32 percent), patch exploitation (experienced by 26 percent) and distributed denial of service (DDoS) attacks (experienced by 21 percent). Despite knowing about these attacking methods, nearly one quarter (23 percent) of businesses surveyed have lost customer data as a result of these tactics.
These methods are underpinned by one main factor: the very people working in the organisations that are being attacked. The human threat is particularly high when dealing with culture-based attacks, such as phishing and Trojans - in fact 44 percent of companies admitted that they feel particularly vulnerable to this type of attack.
So what can be done to minimise threats and keep the attackers at bay you might ask?
Fifty percent of businesses advocate increasing staff training and 20 percent recommended an internal policy of increased awareness to ensure that staff are updated regularly as threats evolve and develop. The research also highlighted that nearly half (49 percent) of all businesses are operating without cyber-liability insurance cover (CLIC), which could prove to be invaluable in the event of a cyber-attack. Although CLIC insurance can only compensate businesses for the financial impact of an attack, having the insurance in place can act as significant reassurance to clients and aid a business' reputation.
But perhaps most importantly, 99 percent of businesses feel that sharing cyber-security experiences with other businesses will become one of the most effective ways to combat the growth and spread of the threat that it poses. Hackers work together to attack the business community. Perhaps now it's time for us to fight back with a unified front.
Contributed by Andrew Dalglish, co-founder, Circle Research