Get clued up on Cyber Security
We look at the results from the ‘Cyber Security Breaches Survey 2017’ to discover just how important cyber security is to your business
Often, smaller companies believe that they are less likely to be a target of attacks. However, as larger companies bulk up and improve their network security, hackers are increasingly focusing on small and medium-sized businesses.
Just under half (46%) of all UK businesses identified at least one cyber security breach or attack in the last 12 months. This rises to two-thirds among medium firms (66%) and large firms (68%).
Overall, businesses that hold electronic personal data on customers are more likely on average to have had breaches (51% versus 46%). Nonetheless, breaches are still prevalent among organisations whose senior managers consider cyber security a low priority (35%), and in firms where online services are not at all seen as core to the business (41%).
The most common types of breaches are related to staff receiving fraudulent emails (in 72% of cases where firms identified a breach or attack). The second most common types of breaches/attacks related to viruses, spyware and malware (33%), people impersonating the organisation in emails or online (27%) and ransomware (17%). This highlights how, as well as ensuring the awareness and vigilance of all staff, having good technical measures in place is extremely important to a business’s cyber security.
3 in 5 (58%) of businesses have sought information, advice or guidance on the cyber security threats facing their organisations over the past year.
Cyber security remains a high priority for the heads of a large majority of UK businesses. Three-quarters (74%) say it is either a very high (31%) or fairly high (43%) priority for their senior management.
Where businesses say cyber security is a low priority for their senior managers, the main reason given for this is a sense that it is not relevant to their organisation (37%). Nonetheless, 3 in 10 (29%) of the businesses giving this reason also say they have had a breach or attack within the last 12 months, highlighting that their risk perception may be different from the reality.
Other common reasons centre around businesses thinking they have nothing of value to attackers. 3 in 10 of those who say it is a low priority for senior management say this is because they do not have online services (29%) and 2 in 10 feel they have nothing worth breaching (22%).
“We keep electronic records of orders. I keep addresses and contact numbers. I do not keep any card information on my system … so I don’t think cyber-attacks are much of a risk.” Medium business
Lack of value attached to data was also a common theme. Businesses who did not hold customers’ bank details or other personal data often struggled to understand why their electronic data would be sought by anyone outside the business, and so did not consider themselves at risk. However, other businesses challenged this notion, highlighting that the specific threat of ransomware meant that all electronic data has become valuable.
Breaches were often linked to human factors, highlighting the importance of staff awareness and vigilance. However, few businesses currently provide staff with cyber security training (20%) or have formal policies in this area (33%). Technical controls are also important, with 9 in 10 businesses regularly updating their software and malware protections, configuring firewalls or securely backing up their data, but only around two-thirds (69%) having guidance on acceptably strong passwords.
While high-turnover businesses may have more money to carry out their cyber security functions in-house, the findings actually suggest that high-turnover businesses are more likely to outsource cyber security. 7 in 10 (69%) of firms with annual sales of £2 million or more have an outsourced provider, versus 4 in 10 (41%) of those with sales of under £2 million.
Businesses gave several key reasons for outsourcing to security providers:
- Various businesses noted that they had historically outsourced their IT function, and as cyber security had grown as an issue, it was natural to add this on to the existing IT contract, with a provider that they already trusted.
- Some businesses felt they had an outsourced business model, where they wanted to maintain as few core staff as possible, so did not have the budget or office space to carry out cyber security in-house.
- Several businesses noted that their UK office operated on office hours, but because they had several international clients, they needed 24-hour cyber security. In this context, outsourcing was the solution.
- Some firms carried out as much of their IT function as they could in-house, but still needed to use specialist IT consultants for specific issues. For example, one wholesaler contracted specialists to look specifically at their server security (for instance, to recommend hardware firewalls).
The results from the survey align closely with Pinacl’s belief that no business is too small or insignificant to be at risk from cyber attacks. Every solution Pinacl deploys has security at the heart of the design. We use Next Generation firewalling, user authentication, end-point control, traffic separation and advanced reporting to ensure that every point of the network, whether wired or wireless, is included in the overall security policies of the business.
For information on our security solutions contact us on 01745 535300