Businesses large and small are being urged to protect themselves against cyber-crime after new government statistics found more than half of all UK businesses suffered a cyber-breach or attack in the past 12 months.
The Cyber-Security Breaches Survey 2017 reveals nearly seven in ten large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the period being £20,000 and in some cases reaching millions.
The survey also shows businesses holding electronic personal data on customers were much more likely to suffer cyber-breaches than those that do not (51 per cent compared to 37 per cent).
The Cyber-Breaches Survey is part of the UK government's five-year national cyber-security strategy to transform this country's cyber-security and to protect the UK online. As part of the strategy, the government recently opened the new National Cyber-Security Centre (NCSC), a part of GCHQ.
Anton Grashion, managing director security practice at Cylance, commented: “This is probably an underestimate if anything. Two reasons for this, firstly, this assumes they even know they have been hit, secondly, people are more likely to under-report. Evidence of our testing when we run a POC with prospective customers is that we almost invariably discover active malware on their systems so it's the unconscious acceptance of risk that plagues both large and small businesses.”
The most common breaches or attacks were via fraudulent emails - for example coaxing staff into revealing passwords or financial information, or opening dangerous attachments - followed by viruses and malware, such as people impersonating the organisation online and ransomware.
Businesses also identified these common breaches as their single most disruptive breach, and the vast majority of them could have been prevented using the Government-backed, industry-supported Cyber-Essentials scheme, a source of expert guidance showing how to protect against these threats.
These new statistics show businesses across the UK are being targeted by cyber-criminals every day and the scale and size of the threat is growing, which risks damaging profits and customer confidence.
The government has committed to investing £1.9 billion to protect the nation from cyber-attacks to help make the UK the safest place to live and do business online.
Business also has a role to play to protect customer data. The government offers free advice, online training and Cyber-Essentials and Cyber-Aware schemes.
Ciaran Martin, CEO of the NCSC, said: “The majority of successful cyber-attacks are not that sophisticated but can cause serious commercial damage. By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities. Cyber-Essentials, technical advice on CiSP and regularly updated guidance on the NCSC website offers companies, big and small, simple steps that can significantly reduce the risk of a successful attack.”
Talal Rajab, techUK's head of programme for cyber, said: “It is encouraging to see that cyber is rising up the priorities list for most businesses. In particular, small-to-medium sized businesses are becoming increasingly aware of the risks - one in five small businesses surveyed found that it took a day or more to recover from their most disruptive breach.”
“Organisations are becoming much more cognisant of cyber-risks and have put in some measures, however, more can be done to obtain guidance and take further action to protect businesses and their customers. The UK's world-leading digital economy is predicated on strong cyber-security and it is crucial that businesses take heed of the statistics revealed in the survey, and safeguard themselves from this growing threat,” said Rajab.