One in Five UK Firms Hit by Cyber-Attacks Last Year

One in Five UK Firms Hit by Cyber-Attacks Last Year

Some 20% of UK businesses have suffered a cyber-attack over the past year, with larger firms in particular targeted, according to the British Chambers of Commerce (BCC).

The business group surveyed over 1200 firms from all over the country back in January to better understand the scale of the online threat.

It found that 42% of firms with more than 100 staff were hit by an attack, versus just 18% of companies with fewer than 99 employees.

In addition, a sizeable number (21%) said they believe the cyber-threat is preventing them from growing as a business.

Just a quarter (24%) said they have cyber-accreditations in place, although this figure rises to nearly half (47%) of big businesses.

Unsurprisingly, half (49%) of those which do have such schemes in place said they think it gives them a competitive advantage over their rivals, while a third said it’s important to create a secure environment for conducting trade.

BCC director general, Adam Marshall, argued that accreditations can help firms better understand their IT security status, defend against attacks and mitigate any damage caused, as well as increase the confidence of their partners and clients.

“Businesses should also be mindful of the extension to data protection regulation coming into force next year, which will increase their responsibilities and requirements to protect personal data. Firms that don’t adopt the appropriate protections leave themselves open to tough penalties”, he added.

“Companies are reporting a reliance on IT support providers to resolve cyber-attacks. More guidance from government and police about where and how to report attacks would provide businesses with a clear path to follow in the event of a cyber-security breach, and increase clarity around the response options available to victims, which would help minimize the occurrence of cybercrime.”

David Navin, corporate security specialist at Smoothwall, urged all firms to elevate cybersecurity to a board-level issue.

“Thanks to where the purse strings lie, a company’s security and IT department need to hit home with its board, CEO, CFO and CTO, ensuring they are educated to the risks and understand the importance of having strong security measures in place,” he argued.

“It is essential to have enterprise grade security solutions in place beginning with firewalls, encryption and good security software. Security needs to be taken seriously at all points of the organization, to ensure that all employees understand the risks of their actions and know the security processes in place should an incident occur, in order to mitigate the risks in the event of a breach.”

Source: Information Security Magazine