Cyber breaches are hitting UK businesses, according to a recently released report commissioned by the UK Government.
Following the high-profile targeting of TalkTalk, Vodafone and Wetherspoons, it is no surprise that large businesses are still the focus of cyber breaches. The underlying message to these businesses is that they need to improve their cyber security programs in order to combat these threats.
Main Report Findings
- 1 in 4 large businesses encountered a breach once a month
- Only one-third of all firms had a written security policy
- Only 10% of all businesses had an incident response plan in place should a cyber attack occur
- 13% of all businesses set cyber security minimum standards for their suppliers
- Only 20% of firms validate the providers of cloud computing services
- 7 out of 10 of the attacks involved compromises by viruses, spyware or malware
Why has this happened?
The report also highlighted the fact that many firms do not have cyber security programs in place that are in accordance with government guidance such as the Cyber Essentials Scheme and the “10 Steps Guide to Cyber Security”. This must be a major concern to the Government, as these two measures alone would establish a good level of cyber security.
Cyber Essentials is generally more difficult to achieve for larger businesses, as their systems tend to involve the use of bespoke software and its management. The certification is geared more to standardized systems, which are more typical of SMEs. This raises the question of whether Cyber Essentials needs to be adapted for larger businesses.
The report also notes that 37% of firms have some form of cyber insurance in place, either as extensions to professional indemnity insurance policies or as stand-alone, cyber-specific insurance policies.
A concern raised by the report is that there is a lack of knowledge about what is covered under a cyber insurance policy, and the insurance industry therefore has a role to play in helping businesses understand this form of insurance.
Cyber breaches will continue to impact businesses unless they have a formal cyber security program in place to protect them from the increasingly sophisticated cyber attacks that can compromise a business.