British Businesses Must Do More To Protect Themselves

Uploaded on 2024-04-22 in NEWS-Cybersecurity News, FREE TO VIEW

Cyber attacks are increasing, but businesses aren’t helping themselves as half of those in Britain  suffered a cyber attack or security breach in the last 12 months . Indeed, the situation is so bad that the UK Government’s Cyber Security Report 2023, has been criticised for not highlighting how small businesses are failing to respond to the risks of cyber attacks.

The annual Cyber Security Breaches Survey is a research study for UK cyber resilience, aligning with the the National Cyber Strategy.  It is primarily used to inform government policy on cyber security, making the UK cyberspace a secure place to do business.

The study explores the policies, processes and approach to cyber security, for businesses, charities and educational institutions. It also considers the different cyber attacks and cyber crimes these organisations face, as well as how these organisations are impacted and respond,” says the Report.

Dealing With Breaches & Attacks

The Report explores how well businesses and charities deal with breaches or attacks, including identification, response, reporting and adaptation to prevent future cases. In the survey, questions on this topic were  framed in terms of the most disruptive breach or attack an organisation had faced in the last 12 months.

The results of reported in a key section of the report is based on ony the 50% of business and 32% of charities that identified breaches or attacks  rather than the full sample, consequently, the sector and subgroup anaylsis is unliklely to present a full picture. 

Even so, the survey results seem to demonstrate just how poorly British businesses - especially small businesses - are responding to the  challenge of preventing, detecting or responding to data breaches

One section of the survey focuses on how businesses respond to incidents, finding that only a few businesses report a breachand that more than a third (39%) said that no action was taken in response to their most disruptive breach in the last 12 months.
 
Commenting on these finding  Andy Kays, CEO of cyber security firm Socura, who deliver managed services to some of the UK’s biggest brands and  several NHS trusts, “It is incredibly disappointing to see such disregard for cyber security among the UK’s small business community. Despite years of warnings from experts, countless data breach headlines, and increased regulatory action, this issue still isn’t on their radar... Only a fraction of UK businesses have any kind of formalised incident response plan.. Businesses will always have a plan in case of a fire, but will not apply the same due care for a data breach, which is statistically much more likely."

According to Kays,  most businesses’ experience with cyber incidents is limited to phishing attempts, and their default response is to conduct security awareness training if they do anything at all.

“In the event of a breach, businesses are not keeping records, not informing the police or regulators, not assessing the scale and impact of the incident. They are failing to do the bare minimum. It’s also important to note that businesses are doing very little to prevent or detect breaches in the first place." Kays says.

Furthemore, the estimated financial cost of a data breachof just over £1,200 per incident seems low compared to other sources. “We know that large enterprise businesses can lose millions in the event of a data breach due to the disruption, reputational impact and share price drop. The ICO can also impose serious fines to businesses that fall foul of GDPR.” Kays said.

UK Government     |     Socura     |     Tech Radar

Image: Ideogram

You Might Also Read: 

Key Security Risks For Small Businesses:

DIRECTORY OF SUPPLIERS - Incident Response:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Using YouTube To Deliver Malware
Iranian Hackers Attack US Water Supplies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

WhiteHat Security

WhiteHat Security

WhiteHat’s products enable customers to “Hack Yourself First” so that they gain a greater understanding of the actual risk to their business.

OSSEC

OSSEC

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).

PeCERT

PeCERT

PeCERT is the national Computer Emergency Response Team for Peru.

DataArt

DataArt

DataArt is a global technology consultancy that designs, develops and supports unique software solutions. Areas of activity include software security testing.

Polish Centre for Accreditation (PCA)

Polish Centre for Accreditation (PCA)

PCA is the national accreditation body for Poland. The directory of members provides details of organisations offering certification services for ISO 27001.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

WisePlant

WisePlant

WisePlant's portfolio of solutions and services includes process measurement, secure automation, industrial cybersecurity, functional safety and more.

DDLS

DDLS

DDLS is Australia's largest provider of corporate IT, process training and cybersecurity training courses and certification programs.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

AdEPT Technology Group

AdEPT Technology Group

AdEPT are a managed services and telecommunications provider offering award-winning, proven and uncomplicated technical solutions for over 12,000 organisations across the UK.

Qrypt

Qrypt

Qrypt has developed the only cryptographic solution capable of securing information indefinitely with mathematical proof as evidence.

Cybertronium

Cybertronium

Cybertronium is a leader in managing cyber risk. We bring you the latest from the complex, ever-evolving online threat environment with the insights to inspire and the expertise to act.

Infiot

Infiot

Infiot is a pioneer in enabling secure, reliable access with zero trust security, network optimization, edge-intelligence and AI driven operations for all remote users, devices, sites and cloud.

Google Cloud

Google Cloud

Accelerate your digital transformation. Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.

Code First Girls

Code First Girls

Code First Girls are on a mission to close the gender gap in the tech industry by providing employment through free education.

CliffGuard Cybersecurity

CliffGuard Cybersecurity

CliffGuard Cybersecurity deliver comprehensive services designed to protect your organization from the ever-evolving landscape of cyber threats.