New report outlines the need for guidance

Large numbers of businesses and charities in the UK are suffering security breaches, yet have no standard policy for dealing with a cyber-attack.

This is according to a new report released by the Department for Digital, Culture, Media & Sport (DCMS), which highlighted the need for more awareness and technical training.

The survey polled 1,591 businesses and 569 charities from October 2017 through to February of this year.

Results revealed that four in ten (43%) businesses experienced a breach over the past 12 months, with financial losses averaging approximately £9,260.

Most attacks, the report said, were the result of fraudulent emails, followed by instances of cyber-criminals impersonating an organization, then malware and viruses.

The report was produced with the aim of helping safeguard businesses, as data protection becomes a hot topic with the EU’s General Data Protection Regulation (GDPR) launching on May 25.

Margot James, Minister for Digital and the Creative Industries, said: “We are strengthening the UK’s data protection laws to make them fit for the digital age but these new figures show many organisations need to act now to make sure the personal data they hold is safe and secure.”

The Minister also reaffirmed the £1.9 billion investment made in 2016 to protect the UK against cyber-threats, urging organizations to follow guidance from the Information Commissioner’s Office and the National Cyber Security Centre (NCSC).

At the NCSC CyberUK conference in Manchester earlier this month, The Daily Swig reported on the £50 million investment to improve cyber capabilities of British law enforcement at all levels.

Two new cybersecurity centers have equally shown Britain’s commitment to cracking down on threats, whether from criminals or state-sponsored actors.

But businesses also have a crucial part to play, the DCMS report stated, particularly as most surveyed remain heavily reliant on digital services, which increase the likelihood of attack.

The report found that three-quarters of businesses (74%) and over half of charities (53%) thought that cybersecurity was a high priority for their organization’s senior management.

This, however, was not reflected in a commitment to practicing cyber safety, as only three in ten businesses (30%) and a quarter of charities (24%) employed members of senior management who were responsible for cybersecurity.

This lack of protocol or standards within higher staffing levels saw a trickle-down effect, where knowledge of cyber issues or data protection would dissipate among general staff.

A lack of engagement is also significant given that careless employees tend to be the source of cyber incidents, research from the Ponemon Institute has found.

Organizations, many of which still fail to update software (25% of charities) or provide guidance on passwords (33% of businesses), have been referred to the NCSC’s 10 steps to cybersecurity to continue their journey towards better practice.