IT is now part of pretty much every company. This makes it a prime target for hackers, but most organizations are still lacking proper IT security.
A new survey by the British Chambers of Commerce (BCC) shows that 20% of all UK business were hit by cyber attacks in the past year. 42% of them were firms with more than 100 employees and 18% were with fewer than 99 workers.
It gets worse. Only 25% of the surveyed 1285 companies say they have cyber security standards in place like ISO 27001 or the UK’s own Cyber Essentials Scheme. Only 10% of sole traders and 15% of small firms have something like that. Things are a little brighter at big organizations – 47% of them have some cyber security in place. Of the businesses surveyed, 96% were SMEs, 22% operate in the manufacturing sector, and 78% operate in the services sector.
Cyber security is important… to some
More so, 21% of businesses believe that cyber crime can and is preventing their growth. Nearly half of the companies that do have some cyber security in place believe this gives them a competitive advantage. A third see it as an important part to create a secure environment to trade with other companies.
The results indicate that businesses are most reliant on IT providers (63%) to resolve issues after an attack, compared to banks and financial institutions (12%) or police and law enforcement (2%).
Now is the time to act
“Cyber-attacks risk companies’ finances, confidence and reputation, with victims reporting not only monetary losses but costs from disruption to their business and productivity”, Dr Adam Marshall, Director General of the BCC says in a release. “While firms of all sizes – from major corporations to one-man operations – fall prey to attacks, our evidence shows that large companies are more likely to experience them”.
“Firms need to be proactive about protecting themselves from cyber-attacks. Accreditations can help businesses assess their own IT infrastructure, defend against cyber-security breaches and mitigate the damage caused by an attack. It can also increase confidence among the businesses and clients who they engage with online”, he adds.
From May 2018, all UK businesses who use personal data will have to ensure they are compliant with the new General Data Protection Regulation (GDPR) legislation. But it’s not only about the legislation. Businesses also need skilled employees who can set up and then use the needed cyber security accreditations. This is still one of the main challenges for companies to tackle. Without skilled employees, especially in cyber security, they leave themselves exposed to an ever-increasing risk of cyber attacks.