A recent report by the Institute of Directors (IoD) based on a survey by the IoD and Barclays showed:
- 95% of respondents consider cyber security to be very or quite important to their business, and yet 45% lacked a formal cyber security strategy
- Respondents were aware of the threat presented by cyber crime, particularly on mobile and tablets; however, just over half have protected all of their devices, and less than a third use Virtual Private Networks (VPNs)
- If they were the victim of an attack, some 40% would not know who to contact. This will become all the more relevant with the new European General Data Protection Regulation (GDPR)
- Two-thirds had taken government advice to use a variety of different passwords and a similar number use cloud software
- Only 44% had laid on cyber awareness training, and many left gaps of more than a year between their training programmes
- 73% had a process in place when receiving invoices and requests for electronic payments to verify their legitimacy
The report says:
“Over the last 12 months, the number of cyber security incidents has continued to increase, and more and more it is being demonstrated that it isn’t just ‘the usual suspects’ being attacked. From Lincolnshire County Council to Tesco Bank, it’s clear that cyber security is an issue for just about every organisation. With new legislation in the form of the EU’s GDPR on the way, firms must ensure that they’re equipped for the 21st century.”
The report quotes Marc Dautlich, data legislation partner, Pinsent Masons LLP:
“Today, many personal data breaches in the UK go unreported by businesses. In jurisdictions that already have mandatory breach reporting requirements, such as the US, unprepared directors have found themselves losing their job after a breach for failing to give adequate attention to the issue, and therefore letting down their stakeholders, damaging their business’s reputation, and exposing it to regulatory and legal sanctions. The mandatory requirement to report security breaches will bring an increased risk of quasi ‘class action’ lawsuits in the UK. Furthermore, negative publicity tends to drive regulators to use their powers in a more robust way: under General Data Protection Regulation they will have power to award substantial fines to UK businesses.”
The report is available to download by clicking here.
What can YOUR firm do to be more cyber resilient?
- Conduct a full security audit
- Have Cyber Essentials or Cyber Essentials Plus
- Develop a cyber security strategy
- Have cyber security policies
- Develop and deliver a staff awareness programme
All of these involve considerable work and require a high level of knowledge and expertise. Most firms do one of two things: either they don’t bother or they outsource to an external firm. Alchemy Systems can help you with any or all of them and more besides.