In April 2018 The UK Government in conjunction with Ipsos MORI, has surveyed businesses and charities to find out they approach cyber security and help them learn more about the cyber security issues faced by industry.
The overwhelming majority of businesses and charities are reliant on online services, which exposes them to cyber security risks.
Virtually all UK businesses (98%) represented in the survey rely on some form of digital communication or services, such as staff email addresses, websites, online banking and the ability for customers to shop online.
Organisations of all sizes, and a substantive majority of large businesses have been breached or attacked. Those with more potential risk factors are also among the most likely to experience cyber security breaches or attacks.
The majority of businesses (56%) hold personal data on customers electronically. Among these, 47 per cent of businesses have experienced breaches or attacks. Breaches were more often identified among the organisations that hold personal data, where staff use personal devices for work or that use cloud computing.
Senior managers in most businesses and charities prioritise cyber security, but this is still not always matched by action or engagement from senior management teams.
Three-quarters of businesses (74%) say that cyber security is a high priority for their organisation’s senior management. The qualitative survey offers various insights into what makes cyber security a priority, linking it to an organisational culture, and engagement from senior managers: • Staff in organisations that used personal data were typically more aware of the impact that breaches could have on brands and reputation. • Where senior managers were seen to be interested in cyber security, those responsible tended to feel more empowered to take action. • Those that took more action on cyber security tended to see it as complementing rather than competing with their existing strategic priorities, for example by keeping key services running, protecting the finances or protecting reputations.
Organisations should seek out the latest information and guidance, which will help them to implement better cyber security.
Six in ten businesses (59%) have sought any information, advice or guidance in the last 12 months on the cyber security threats they face.
Cyber security is a high priority for most businesses, there are also indications that senior managers are more regularly engaged with the topic than in the 2017 survey. At the same time, there is still a lot that organisations can do better. Just five in ten businesses (51%) have implemented all of the five basic technical controls under Cyber Essentials, comprising: boundary firewalls and internet gateways, secure configurations, user access controls, malware protection, and patch management.
Increased support from senior managers can empower those in charge of cyber security. Despite this management boards for two in ten businesses (20%) have never discussed cyber security, and only a minority of organisations (30% of businesses) have board members or trustees specifically overseeing cyber security. The upcoming implementation of GDPR may be an opportunity for senior managers to address cyber security.
Information, advice and guidance needs to be highly tailored. The qualitative survey shows that businesses want advice that is directed at businesses like theirs. A large number of organisations do not have specialist staff to improve their cyber security, so need to have information simplified and in plain English. Others are much more sophisticated, and want updates on the latest threats.
Seapio help our customers to understand where they are today, we architect their security improvement plan, and guide them along the path to an improved security posture.
If you’ve any questions, we’ve got answers, give us a call.