The Government appears to be losing patience with UK businesses’ lax approach to cyber security after new figures show a huge rise in online attacks, which – it claims – could have been prevented if firms had signed up to the Government’s Cyber Essentials scheme.
According to government research, two-thirds of large businesses experienced a cyber breach or attack in the past year and in some cases the cost to business reached millions of pounds.
However, it points out that the most common attacks detected involved viruses, spyware or malware that could have been prevented using the Government’s scheme.
The Cyber Security Breaches Survey found that while one in four large firms experiencing a breach did so at least once a month, only half of all firms have taken any recommended actions to identify and address vulnerabilities. Even fewer, about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.
Minister for the Digital Economy Ed Vaizey said: “The UK is a world-leading digital economy and this Government has made cyber security a top priority. Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks. It’s absolutely crucial businesses are secure and can protect data. As a minimum companies should take action by adopting the Cyber Essentials scheme which will help them protect themselves.”
Results from the survey are being released alongside the Government’s Cyber Governance Health Check, which was launched following the TalkTalk cyber attack. It found almost half of the top FTSE 350 businesses regarded cyber attacks as the biggest threat to their business when compared with other key risks – up from 29% in 2014.
The Health Check also found that only a third of the UK’s top 350 businesses understand the threat of a cyber attack and only a fifth have a clear view of the dangers of sharing information with third parties.
However, it is not all doom and gloom: many firms are getting better at managing cyber risks, with almost two-thirds now setting out their approach to cyber security in their annual report, the study showed.
Both surveys form part of the Government’s approach to tackling cyber crime, which will see £1.9bn invested over the next five years.
Even so, there has been criticism that the Government’s £20m initiative to raise awareness of cyber threats among consumers and small business has had virtually no impact.
The Government is encouraging all firms to take action: the 10 Steps to Cyber Security provides advice to large businesses, and the Cyber Essentials scheme is available to all UK firms. It is also creating a new National Cyber Security Centre offering industry a ‘one-stop-shop’ for cyber security support.
A new national cyber security strategy will also be published later in 2016 setting out the Government’s plans to improve cyber security for Government, businesses and consumers.
Related stories
£20m Govt campaign fails to flag up online risks