In the last 12 months, two-thirds of large businesses (those with at least 250 employees) experienced at least one cyber attack or breach, according to the government’s Cyber Security Breaches Survey, released in May. Of those businesses, one-fourth experienced a breach at least monthly.
While about one-third of these incidents involved cyber criminals impersonating the organisations and stealing money (ranging from an average of several thousand pounds to a high of £3 million), the majority involved viruses, spyware or malware that were used to steal data or disrupt systems. If businesses are not adequately protected against these cyber threats, they leave their data—including financial and private customer information, bank account numbers and access to social media accounts—vulnerable to cyber criminals.
Yet, while most of these threats could have been prevented using free resources from the government’s Cyber Essentials scheme, only half of all UK businesses have taken any recommended steps to address gaps in their cyber security. And, that is a problem made worse by the finding that only 27 per cent of UK businesses consider cyber security training to be an effective method to prevent attacks, according to research from CompTIA, a global IT industry trade association. However, training is absolutely necessary, since 60 per cent of all security breaches last year were the result of human error, general carelessness or IT staff failures.
To help shore up cyber security for all UK businesses, the government will invest £1.9 billion over the course of the next five years to prevent and address cyber crime. As part of this effort, the government will also develop a new National Cyber Security Centre, which will launch in autumn 2016 and provide UK businesses with cyber security guidance. Also, a new national cyber security strategy, which will outline proposals to improve cyber security, will be published sometime later this year.
In the meantime, there are three simple practices that your business—regardless of size—can implement to bolster your cyber security:
1. Provide all employees with training on how to identify and manage cyber security threats.
2. Implement the guidance outlined in Cyber Essentials.
3. Complete the 10 Steps to Cyber Security, if you are a large business.
Did you know that your cyber cover may be useless if your employees hack your data?
Legal experts are warning that businesses’ cyber cover may be invalidated by insurers if employees hack company data. Most standard cyber and data protection policies only provide cover for first- and third-party liabilities, which means that your company may not be covered for incidents that result from deliberate or criminal behaviour by an employee.
If you are unsure, please contact A-Plan’s commercial team to ask about the limits of your cyber liability policy.