With the release of the results from the latest government surveys, we question if businesses are starting to take the threat of cybercrime seriously.
The Cyber Security Breaches Survey has revealed that two thirds of large UK businesses were hit by a cyber breach or attack in the past year. It’s easy to believe when we read about breaches for the likes of big names like Talk Talk and VTech that the criminals are only after the big boys so small to medium sized businesses are safe. Well, the research reveals that’s simply not the case, as SME’s are fast becoming a hacker’s favourite target.
The contracting arrangements with larger organisations, and the assumption that resources and defences are lower, makes smaller businesses extremely vulnerable to professional criminals, who can often view them as a route to a bigger prize through their connections.
In an aim to improve businesses understanding of cybercrime and help them assess the potential risk of an attack, the government also published The Cyber Governance Health Check survey. The non-technical governance questionnaire was addressed to boards and audit committees of FTSE 350 companies to gain an insight into how these businesses are acknowledging the increasing threat.
The results do show a move in a more positive direction, with an increased awareness and acceptance of the potential impact that a cyberattack could have on a business. However, of the board chairs questioned, less than 49% thought they had a clear understanding of the potential risks.
The key to understanding the risk is to fully understand the value your company information and data has to cybercriminals and one of the most worrying results showed that 60% of company boards rarely or never review their key information and data assets despite expecting cyber risk to increase over the next year or so.
It is essential that you really understand what information you hold, how you protect and share it, and what the impact of losing that information would be to your business, as well as any third parties.
The research also showed that the most common attacks detected involved viruses, spyware or malware so there is a lot that they can be done to protect your business by working with experts to implement firewalls, antispam and phishing protection on your network.
Overall the research has shown that although businesses are starting to take the threat of cyberattacks seriously there is definitely room for improvement. One thing is for sure, it does highlight the fact that it is no longer a case of if your business will experience a cyberattack but when, and the question is what action are you taking to ensure you’re ready.