A new report by the Institute of Directors (IoD) says that business leaders are still putting cyber-security on the back burner.
The survey, conducted in partnership with Barclays bank, shows that a number of UK businesses have no formal plan to protect themselves from a cyber-attack and there has been no improvement in the last year.
Although 94 percent of companies think security of their IT systems is important, only half (56 percent) have a strategy in place to protect their devices and data. The report shows that despite a number of high-profile cyber-attacks over the last year, as many as 40 percent of respondents would not know who to contact to report online fraud.
The IoD warns that the UK is a leader in the digital economy, but if it is to build on its existing strengths and capitalise on new technologies, businesses must to go into the future with their eyes open to the risks.
With the new General Data Protection Regulation, which comes into effect next May, companies will be made much more accountable for their customers' data, and we are urging business leaders to step up their preparations now.
The Government has made positive steps in the last year to protect business and consumers, particularly by founding the National Cyber Security Centre, the report said.
By bringing together several different agencies, and placing the centre within GCHQ, the UK authorities are well-placed to detect and understand cyber-threats. For businesses, however, ultimate responsibility will always lie in the boardroom.
Tony Pepper, co-founder and CEO at Egress told SC Media UK: “It seems astounding that despite the numerous very high profile breaches in recent memory, just over half have a strategy in place to deal with cyber-security. It's difficult to understand why, given the plethora of tools, advice and warnings that are out there, businesses are still so unprepared.”
The report adds that over the last 12 months, the number of cyber-security incidents has continued to increase, and more and more it is being demonstrated that it isn't just “the usual suspects” being attacked.
Pepper continued: “From Lincolnshire County Council to Tesco Bank, it's clear that cyber-security is an issue for just about every organisation. There are no signs that such threats are going to decrease.
“Take internet fraud, for instance, relevant not just to personal consumers but to businesses whose banking accounts and credit cards are often very similar in nature; a 64 percent increase from 2014 to 2015 alone, to a scale of some £133.5 million. Small, medium and large firms need to consider the best way to protect themselves against what might be the defining challenge for business in the 21st century.”The report says that Government, too, needs to do more to point busy business leaders towards existing schemes and advice, and making schemes more relevant. They might also consider encouraging training through “nudges” on the business community. Ultimately, however, this is a matter for business – in a digital economy, it's the equivalent of installing a burglar alarm.