UK Cyber Security Breaches Survey 2017: cyber security awareness must increase beyond board and IT staff
The UK Cyber Security Breaches Survey 2017 once again indicates widespread senior management awareness of risks, but a lack of training and policies for non-specialist staff.
As part of the National Cyber Security Strategy 2016-2021, the UK Government has published the findings of the Cyber Security Breaches Survey for 2017. The survey results provide an insight into the costs and impact cyber breaches have had on UK businesses, the awareness and attitudes of businesses towards cyber security generally and the approach businesses have taken towards protecting themselves against such risks.
The 2017 study comprised a telephone survey of 1,523 UK private sector businesses selected to be statistically representative of the UK business population, and 30 in-depth interviews.
The findings show the nature and extent of the attacks and breaches being experienced by businesses.
- The average cost of a cyber-security breach for a large business is £19,600, and £1,570 for a small to medium size business.
- 46% of British businesses discovered at least one cyber security breach or attack in the past year, and this figure was greater for medium and larger businesses.
- 72% of reported cases of cyber security breaches occur after a staff member receives a fraudulent email.
- The typical business is likely to experience a small number of breaches in the space of a year; however, a select group will be the victim of considerably more.
However, whilst the majority of businesses are more aware at a senior management level that cyber security is a risk, and 74% describe it as a high priority when asked, fewer have actually taken steps to deal with the risk in any formal manner:
- Only a third have a formal cyber security policy.
- Only 20% had staff attend any form of cyber security training and non-specialist staff (those who are not senior management or IT staff) were much less likely to have had any such training.
- Only 13% require their suppliers to comply with specific cyber security standards and good practice.
- Only 11% have a cyber security incident management plan.
This annual UK Government-funded survey again shows that cyber security is a major and costly issue for businesses but that training and policies are not being widely implemented.
Our own experience of training various organisations shows that, despite technical measures such as firewalls, many members of staff do not have an awareness of issues such as ransomware and what to do in the event of a breach.
Non-specialist staff are increasingly likely to be exposed to scams such as CEO fraud (where cybercriminals impersonate executives to persuade employees to transfer money, confidential information and the like). A good (but non-technical) awareness of such threats, built through training and supported by rigorous policies and incident management plans, is therefore a key aspect of any business's protection against cyber crime. This year's survey suggests there is much scope for improvement.
To see the full report, please click here.
Disclaimer: This article is produced for and on behalf of White & Black Limited, which is a limited liability company registered in England and Wales with registered number 06436665. It is authorised and regulated by the Solicitors Regulation Authority. The contents of this article should be viewed as opinion and general guidance, and should not be treated as legal advice.