Research Shows UK Businesses Not Taking Cyber Security Seriously

A recent research study has been complied based on a survey of UK businesses and their exposure to cyber attacks.

The survey has found that over two thirds of Britain’s businesses have been targeted in cyber attacks during the past 12 month, with a quarter of them experiencing a breach at least once a month.

The Cyber Security Breaches Survey was conducted for the UK government by Ipsos Mori and released alongside another report, the Cyber Governance Health Check from KPMG which was commissioned by the UK government after the TalkTalk cyber attack last year.

Financial Times

Despite this increase in cyber attacks, UK businesses have not taken the threat very seriously and continue to be under prepared against cyber attacks. Almost half of these businesses do not carry out any audit or risk assessment exercise to identify system weaknesses. Only three in 10 have written cyber security guidelines or polices, and only one in 10 have processes to deal with such incidents.

In a statement, Ed Vaizey Digital Economy Minister said

The UK is a world-leading digital economy and this Government has made cyber security a top priority. Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks. It's absolutely crucial businesses are secure and can protect data. As a minimum, companies should take action by adopting the Cyber Essentials scheme which will help them protect themselves.

Results of the study highlighted that seven out of 10 cyber attacks on UK businesses involved spyware, viruses or malware that could have been prevented. It also showed that only a fifth of UK firms have an understanding of the danger involved in sharing information with third parties.

According to the Cyber Governance Health Check almost half of the FTSE’s 350 businesses consider cyber security to be the biggest threat. But companies are still not treating it as a priority. The report found that the threat of cyber attacks and the issue of cyber security were reaching the boardroom for discussion only on occasion, with 54 percent of the board saying that they heard of it when something went wrong or just bi-annually.

According to David Ferbrache, technical director of the KMPG’s cyber security practice although cyber security has made it to the boardroom for discussions, decisions regarding cyber security measures are being taken using incomplete or partial information.

The UK government is building a comprehensive strategy to help consumers, businesses and its departments to counter this rising threat and has promised investments to the extent of £1.9 billion over the next five years to address the issue of cyber security. The government is also setting up the National Cyber Security Centre which is set to open later this year.

Charlie Harrison

More articles by Charlie Harrison