Two-fifths of UK Firms Suffered Attack or Security Breach in 2017
Some 43% of UK businesses have experienced a security breach or cyber-attack in the past 12 months, a slight drop from a year previously, according to the latest government research.
The Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2018 is comprised of interviews with over 1500 UK businesses and 50 follow-up in-depth interviews.
Although the figure dropped overall for firms hit by a breach or attack, from 46% last year, it rose from 68% to 72% for large businesses.
Breaches were found to be more common among organizations holding personal data on customers (47%), where BYOD policies operate (49%) or where they use cloud computing.
The average cost per breach has increased consistently over the past three years and now stands at over £22,000 for large businesses, according to the study.
Of concern given the impending arrival of the GDPR, is that despite most senior management (74%) saying they prioritize cybersecurity, just 30% have a dedicated board member responsible for security and 20% never update their senior managers on cybersecurity issues.
In this regard, not much has changed from the previous year, according to the government.
Also worrying is the fact that only 20% of respondents claimed to have sent staff on internal or external cybersecurity training courses in the past 12 months, while 10% even claimed that those currently in cybersecurity roles don’t have the skills required to do their jobs effectively.
Unfortunately, awareness of government initiatives and communications around cybersecurity remains low. Just 3% recalled using government information, advice or guidance, with most organizations unaware of most initiatives,” said McAfee chief scientist, Raj Samani.
“Given that 84% of organizations that used government resources found the information useful, it is clear that more needs to be done to promote their use. With such a wealth of information and partnerships with leading security providers, it is imperative that more is done to promote and educate businesses on what resources they have and how it can help.”
Source: Information Security Magazine