The Government is calling on UK businesses to better protect themselves against cyber crime after new statistics show that over four in ten (43%) businesses and two in ten charities (19%) suffered a cyber breach or attack in the past 12 months.
This figure rises to more than two thirds for large businesses, 72% of which identified a breach or attack.
The most common breaches or attacks were via fraudulent emails – for example, attempting to coax staff into revealing passwords or financial information, or opening dangerous attachments – followed by instances of cyber criminals impersonating the organisation online, then malware and viruses.
And, despite three quarters of businesses (74%) and more than half of all charities (53%) saying that cyber security is a high priority for their organisation’s senior management, a huge proportion of all organisations are still failing to get the basics right.
A quarter (25%) of charities are not updating software, and 27% are not updating malware protections, while a third of businesses (33%) do not provide staff with guidance on passwords.
Meanwhile, more than one in 10 (11%) of large firms are still not taking any action to identify cyber risks, such as health checks, risk assessments, audits or investing in threat intelligence.
Minister for Digital and the Creative Industries Margot James said: “We are strengthening the UK’s data protection laws to make them fit for the digital age but these new figures show many organisations need to act now to make sure the personal data they hold is safe and secure.
“We are investing £1.9bn to protect the nation from cyber threats and I would urge organisations to make the most of the free help and guidance available for organisations from the Information Commissioner’s Office and the National Cyber Security Centre.”
In February, the National Cyber Security Centre warned companies to brace themselves for a new wave of highly sophisticated online attacks, due to the organisation’s success in blocking tens of millions of threats against UK businesses over the past year.
NCSC chief executive Ciaran Martin said: “Cyber attacks can inflict serious commercial damage and reputational harm, but most campaigns are not highly sophisticated.
“Companies can significantly reduce their chances of falling victim by following simple cyber security steps to remove basic weaknesses. Our advice has been set out in an easy-to-understand manner in the NCSC’s small charities and business guides.”
However, the survey shows more businesses are now using the Government-backed, industry-supported Cyber Essentials scheme, a source of expert guidance showing how to protect against cyber threats.
Organisations can also raise their basic defences and significantly reduce the return on investment for attackers by enrolling on the Cyber Essentials initiative and following the regularly updated technical guidance on the Cyber Security Information Sharing Partnership and the NCSC website.
Information Commissioner Elizabeth Denham said: “With GDPR taking effect in just a few weeks, it’s more important than ever that organisations focus on cyber-security.
“We understand that there will be attempts to breach systems. We fully accept that cyber attacks are a criminal act. But we also believe organisations need to take steps to protect themselves against the criminals. I’d encourage organisations to use the new regulations as an opportunity to focus on data protection and data security.”