BY James Williams
A “worrying” number of UK businesses have no formal plan to protect themselves from a cyber attack – a position that has improved little since last year – according to a new survey from the Institute of Directors (IOD) and Barclays bank.
The survey, ‘Cyber security: Ensuring business is ready for the 21st century’, reveals that although 94 percent of UK businesses believe that the security of their IT software is crucial for protection, only 56 percent have a system in place to preserve their data and devices.
In addition, only 44 percent of survey respondents said their company provided cyber awareness training schemes for staff, a figure deemed to be a “significant problem”. Pointedly, the survey states that the key cyber security vulnerability is human error, and that such errors become ever more likely in the absence of training or clear guidelines as to what constitutes appropriate good practice.
Furthermore, despite the number of cyber attacks that over the last year, as many as 40 percent of survey respondents admitted that they would not know who to contact to report online fraud – an unawareness which will become much more acute in May 2018 when the new General Data Protection Regulation (GDPR), which makes companies much more accountable for their customers’ data, comes into force.
“Cyber criminals attack systems, data and networks virtually without intervention and traditional defences are no longer adequate”, said Troels Oerting, group chief information security officer at Barclays. “For the financial sector in particular, the game has changed. Barclays has already implemented a strong protection for our business and we will continue to adapt to the rapid change in cyber space.
As part of its bid to tackle the cyber security issue, the UK government has taken a number of positive steps in the last year to protect business and consumers, with the opening of the National Cyber Security Centre (NCSC) one of the more high-profile initiatives. By bringing together several different agencies and placing the NCSC within the Government Communications Headquarters (GCHQ), the aim is that UK authorities will be well-placed to detect and understand cyber threats. That said, the survey makes clear that the ultimate responsibility for businesses in the UK will always lie in the boardroom.
Mr Oerting concluded: “For centuries, society and banks have steered through unprecedented events. Cyber crime is another challenge, and it too can be managed by implementing a strong strategy built on resilience and intelligence.”