British Businesses Must Do More To Protect Themselves

Uploaded on 2024-04-22 in NEWS-Cybersecurity News, FREE TO VIEW

Cyber attacks are increasing, but businesses aren’t helping themselves as half of those in Britain  suffered a cyber attack or security breach in the last 12 months . Indeed, the situation is so bad that the UK Government’s Cyber Security Report 2023, has been criticised for not highlighting how small businesses are failing to respond to the risks of cyber attacks.

The annual Cyber Security Breaches Survey is a research study for UK cyber resilience, aligning with the the National Cyber Strategy.  It is primarily used to inform government policy on cyber security, making the UK cyberspace a secure place to do business.

The study explores the policies, processes and approach to cyber security, for businesses, charities and educational institutions. It also considers the different cyber attacks and cyber crimes these organisations face, as well as how these organisations are impacted and respond,” says the Report.

Dealing With Breaches & Attacks

The Report explores how well businesses and charities deal with breaches or attacks, including identification, response, reporting and adaptation to prevent future cases. In the survey, questions on this topic were  framed in terms of the most disruptive breach or attack an organisation had faced in the last 12 months.

The results of reported in a key section of the report is based on ony the 50% of business and 32% of charities that identified breaches or attacks  rather than the full sample, consequently, the sector and subgroup anaylsis is unliklely to present a full picture. 

Even so, the survey results seem to demonstrate just how poorly British businesses - especially small businesses - are responding to the  challenge of preventing, detecting or responding to data breaches

One section of the survey focuses on how businesses respond to incidents, finding that only a few businesses report a breachand that more than a third (39%) said that no action was taken in response to their most disruptive breach in the last 12 months.
 
Commenting on these finding  Andy Kays, CEO of cyber security firm Socura, who deliver managed services to some of the UK’s biggest brands and  several NHS trusts, “It is incredibly disappointing to see such disregard for cyber security among the UK’s small business community. Despite years of warnings from experts, countless data breach headlines, and increased regulatory action, this issue still isn’t on their radar... Only a fraction of UK businesses have any kind of formalised incident response plan.. Businesses will always have a plan in case of a fire, but will not apply the same due care for a data breach, which is statistically much more likely."

According to Kays,  most businesses’ experience with cyber incidents is limited to phishing attempts, and their default response is to conduct security awareness training if they do anything at all.

“In the event of a breach, businesses are not keeping records, not informing the police or regulators, not assessing the scale and impact of the incident. They are failing to do the bare minimum. It’s also important to note that businesses are doing very little to prevent or detect breaches in the first place." Kays says.

Furthemore, the estimated financial cost of a data breachof just over £1,200 per incident seems low compared to other sources. “We know that large enterprise businesses can lose millions in the event of a data breach due to the disruption, reputational impact and share price drop. The ICO can also impose serious fines to businesses that fall foul of GDPR.” Kays said.

UK Government     |     Socura     |     Tech Radar

Image: Ideogram

You Might Also Read: 

Key Security Risks For Small Businesses:

DIRECTORY OF SUPPLIERS - Incident Response:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Using YouTube To Deliver Malware
Iranian Hackers Attack US Water Supplies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Future Foundation (CFF)

Cyber Future Foundation (CFF)

CFF was established to create a cyberspace where digital commerce and innovation can thrive based on trust and respect to individual privacy.

ID Agent

ID Agent

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

Cloudsine

Cloudsine

Cloudsine (formerly Banff Cyber Technologies) is a cloud technology company specializing in cloud adoption, security and innovation.

Australian Cyber Collaboration Centre (Aus3C)

Australian Cyber Collaboration Centre (Aus3C)

The Australian Cyber Collaboration Centre (Aus3C) is committed to building cyber capacity and securing Australia's digital landscape.

SafeCipher

SafeCipher

SafeCypher are crypto specialists with a very specialized knowledge of Public Key Infrastructure (PKI), Hardware Security Modules (HSM), Quantum Resistant Cryptography and Crypto-Agility.

FraudLabs Pro

FraudLabs Pro

FraudLabs Pro detects fraud and helps merchants to reduce e-commerce chargebacks by identifying high risk transactions.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

Drata

Drata

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining workflows to ensure audit-readiness.

HashiCorp

HashiCorp

At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre is the jurisdiction's Cyber Emergency Response Team (CERT) and national technical authority for cyber security.

Cylerian

Cylerian

Cylerian is a Next Generation SaaS Security Platform - One unified cloud platform to achieve your security, compliance, and operational objectives.

SECQAI

SECQAI

At SECQAI we create dual-use hardware and software to enable the future of computing.