[BreachExchange] Four in 10 UK firms suffer cyber attack in last year
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Apr 26 19:00:12 EDT 2018
http://www.fstech.co.uk/fst/Government_Cyber_Security_
Breaches_Survey_2018.php
Over 40 per cent of businesses experienced a cyber security breach or
attack in the last 12 months, according to a new report from the Department
for Digital, Culture, Media and Sport.
The Cyber Security Breaches Survey 2018 was carried out among 1,519 UK
businesses, with 50 in-depth follow-up interviews, finding that three
quarters of businesses have made cyber security a high priority for their
senior management.
However, only 27 per cent actually have formal cyber security policies in
place. Breaches were more often identified among the organisations that
hold personal data, where staff use personal devices for work or that use
cloud computing.
Of all the organisations that experienced breaches or attacks, the most
common impacts were needing new measures against future attacks (36 per
cent), requiring extra staff time required to deal with the breach (32 per
cent) and staff being stopped from carrying out day-to-day work (27 per
cent).
Typically, organisations incur no specific financial cost from cyber
security breaches, although where breaches do result in a material outcome,
the costs can be significant. For medium-sized businesses (50 to 249
employees) the average cost was £16,100 and for large businesses (250
employees or more) the average cost was £22,300.
Despite many organisations stating that cyber security is a high priority,
just 30 per cent have board members or trustees with responsibility for
cyber security. One in five businesses also admitted to never updating
their senior managers on cyber security issues.
The research concluded that businesses need to consider their
organisational cultures – even those which see themselves as offline, or
too small to be at risk. “The qualitative survey suggests that
organisations take more action on cyber security when they see it as
complementing their organisational priorities, rather than competing with
them,” read the report. “They take less action when they think it will be a
burden to implement cyber security controls, or when they have a fatalistic
attitude towards cyber security.”
As in 2017, the most disruptive breaches are most commonly spotted by
individual staff members rather than picked up automatically by
anti-malware programmes. However, staff training remains rare, with just 20
per cent of businesses requiring staff to undertake any form of cyber
security training in the past year.
Earlier this week, a report from UK Finance and KPMG suggested the threat
of cyber crime cannot be mitigated just by spending more money, but rather
by increased collaboration to render cyber criminals’ markets, tools and
systems ineffective.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180426/fbc0b400/attachment.html>
More information about the BreachExchange
mailing list