A new study from B2B market research company Circle Research, has revealed that numerous UK businesses are at high risk of suffering a cyber attack and many more are not prepared to deal with an attack. In this article, I will explain the potential risk for UK businesses, common weaknesses in current cyber security and how they might be overcome.
Cyber security breaches can have huge consequences for businesses by damaging their reputation, and the financial implications can be just as devastating. According to government figures released last year, the average cost to a business of a severe online security breach had more than doubled to £1.46million.
Our study reveals that a massive 78% of UK companies have experienced an increase in cyber attacks over the last 12 months and that many senior cyber security professionals believe that the threat is growing. According to those interviewed the increasing availability of attack software and a growing sophistication in the approach used by attackers means that businesses must continually update their approach to cyber security in order to keep data protected.
Of the IT Directors, CIOs, CTOs and Heads of Security that took part in the research, two thirds (64%) said that their organisation had experienced a security incident in 2015, whilst 42% told researchers that they had experienced more than one incident in the year. But the shocking statistics don’t stop there as 13% of interviewees said that their oganisation had been a victim to more than 10 separate security incidents over the last year.
There are four main threats to a business: phishing (experienced by 57%), Trojans (experienced by 32%), patch exploitation (experienced by 26%) and distributed denial of service (DDoS) attacks (experienced by 21%). Despite knowing about these attacking methods, nearly one quarter (23%) of businesses surveyed have lost customer data as a result of these tactics.
These methods are underpinned by one main factor: the very people working in the organisations that are being attacked. The human threat is particularly high when dealing with culture-based attacks, such as phising and Trojans - in fact 44% of companies admitted that they feel particularly vulnerable to this type of attack.
So what can be done to minimise threats and keep the attackers at bay you might ask?
50% of businesses advocate increasing staff training and 20% recommended an internal policy of increased awareness to ensure that staff are updated regularly as threats evolve and develop. The research also highlighted that nearly half (49%) of all businesses are operating without cyber liability insurance cover (CLIC), which could prove to be invaluable in the event of a cyber attack. Although CLIC insurance can only compensate businesses for the financial impact of an attack, having the insurance in place can act as significant reassurance to clients and aid a business’ reputation.
But perhaps most importantly, 99% of businesses feel that sharing cyber security experiences with other businesses will become one of the most effective ways to combat the growth and spread of the threat that it poses. Hackers work together to attack the business community. Perhaps now it’s time for us to fight back with a unified front.
By Andrew Dalglish, Co-founder of Circle Research