British Businesses Must Do More To Protect Themselves

Cyber attacks are increasing, but businesses aren’t helping themselves, as half of those in Britain suffered a cyber attack or security breach in the last 12 months. Indeed, the situation is so bad that the UK Government’s Cyber Security Report 2023 has been criticised for not highlighting how small businesses are failing to respond to the risks of cyber attacks.

The annual Cyber Security Breaches Survey is a research study for UK cyber resilience, aligning with the National Cyber Strategy. It is primarily used to inform government policy on cyber security, making the UK cyberspace a secure place to do business.

“The study explores the policies, processes and approach to cyber security, for businesses, charities and educational institutions. It also considers the different cyber attacks and cyber crimes these organisations face, as well as how these organisations are impacted and respond,” says the Report.

Dealing With Breaches & Attacks

The Report explores how well businesses and charities deal with breaches or attacks, including identification, response, reporting and adaptation to prevent future cases. In the survey, questions on this topic were framed in terms of the most disruptive breach or attack an organisation had faced in the last 12 months.

The results reported in a key section of the report are based on only the 50% of businesses and 32% of charities that identified breaches or attacks, rather than the full sample. Consequently, the sector and subgroup analysis is unlikely to present a full picture.

Even so, the survey results seem to demonstrate just how poorly British businesses - especially small businesses - are responding to the challenge of preventing, detecting or responding to data breaches.

One section of the survey focuses on how businesses respond to incidents, finding that only a few businesses report a breach and that more than a third (39%) said that no action was taken in response to their most disruptive breach in the last 12 months.
 
Commenting on these findings, Andy Kays, CEO of cyber security firm Socura, who deliver managed services to some of the UK’s biggest brands and several NHS trusts, said: “It is incredibly disappointing to see such disregard for cyber security among the UK’s small business community. Despite years of warnings from experts, countless data breach headlines, and increased regulatory action, this issue still isn’t on their radar... Only a fraction of UK businesses have any kind of formalised incident response plan... Businesses will always have a plan in case of a fire, but will not apply the same due care for a data breach, which is statistically much more likely.”

According to Kays, most businesses’ experience with cyber incidents is limited to phishing attempts, and their default response is to conduct security awareness training if they do anything at all.

“In the event of a breach, businesses are not keeping records, not informing the police or regulators, not assessing the scale and impact of the incident. They are failing to do the bare minimum. It’s also important to note that businesses are doing very little to prevent or detect breaches in the first place,” Kays says.

Furthermore, the estimated financial cost of a data breach of just over £1,200 per incident seems low compared to other sources. “We know that large enterprise businesses can lose millions in the event of a data breach due to the disruption, reputational impact and share price drop. The ICO can also impose serious fines to businesses that fall foul of GDPR,” Kays said.

UK Government | Socura | Tech Radar
