New research reveals cyber ignorance putting businesses at risk.
Research has thrown further light on the evolution of cyber security from technical issue to board issue, with the average cost of an attack standing at £330,000. For one in ten UK businesses, according to research by BAE Systems, the cost of cyber attacks are much higher – hitting up to £1 million.
79% of the UK businesses leaders surveyed believe that they have the appropriate security controls in place to defend against cyber attacks. Yet this confidence sits at odds with other findings from the research.
More than half (57%) of those surveyed said they had experienced a cyber attack in the past year, with one in five being in the dark when it came to knowing if their organisation has the right security controls in place. Of further concern is the fact that many of those surveyed who were confident about their defences had not tested their incident response plans for at least six months.
“The research confirms that cyber security is no longer merely a technical issue, but a challenge for the board. Around a fifth of the businesses we talked to said they either didn’t know or weren’t confident that they could return to business as usual within 48 hours of a serious cyber attack,” said Julian Cracknell, Managing Director for UK Services, BAE Systems Applied Intelligence.
“Businesses need to ensure they have the right people, process and tools in place, so when a major incident occurs they are equipped to understand, contain and remediate. If action isn’t taken immediately, the price of cyber ignorance – for the company and the wider economy – could be catastrophic.”
The research findings could not have come at a more apt time, coming a few days after the announcement of a new security HQ in the heart of London. The National Cyber Security Centre, which will be located close to Victoria station in the capital, will be the front line in Britain’s fight against the soaring number of cyber attacks.
“With the amount of cyber attacks increasing by the day, it is no surprise that one in 10 UK businesses would face a loss of £1m if hit by an attack. Criminals seek data and intellectual property to sell, and companies have it – it’s as simple as that,” said Rob Norris, Director of Enterprise & Cyber Security in EMEIA at Fujitsu.
“Attackers will always take the easiest route possible to breach a network so it is vital that organisations across all sectors take the fight to cyber criminals before they can act. While the launch of the new national cyber security centre (NCSC) in London is encouraging, as it aims to ensure the online safety of citizens, businesses and the government, organisations must also take responsibility and be proactive to enable real-time threat reporting and fast solutions before a threat becomes a compromise.
“This should sit alongside a clear and well-rehearsed incident management plan, addressing internal and external communication in addition to containment and recovery activities.”