A new study, Cyber Security: Underpinning the Digital Economy, was released on 3rd March 2016 by the Institute of Directors (IoD) and Barclays at the IoD headquarters. The survey, which had some very interesting results, included nearly 1000 IoD members and showed a worrying gap between awareness of the risks and business preparedness.
According to the survey, the UK leads the world in terms of percentage of the economy that is online, 12.5%. While the UK is strong when it comes to e-commerce and digitising ventures, businesses are not taking cyber security seriously enough. Today, it is a matter critically important to ensure the running of a business and government.
The panel discussion on the day, which included people like Dr. Jamie Saunders, Director of the National Cyber Crime Unit, Rt Hon Matt Hancock MP, Minister for the Cabinet Office and Paymaster General and Paul Gillen, head of the cyber security operations centre at Barclays, was an interesting and lively one and brought forth key trends in the industry. Going forward, more high profile attacks were predicted for 2016. The use of cyber insurance by companies was seen to be growing.
More importantly, when asked for solutions to this growing menace, one of the key things mentioned was how cyber security should be a discussion topic in the boardroom and not just seen as an IT problem. Education, for businesses on how to protect themselves as well as specialist knowledge being given to students, must be given primary importance. On this, Mr. Matt Hancock announced the Cyber First programme, a huge initiative by the government aiming to equip 1000 students by 2020 with cyber security skills.
Interestingly, the term ‘cyber’ itself was discussed and how it is used in mainly negative connotations. I prefer the all-encompassing term ‘information security’ myself.
The report further reveals that companies were keeping quiet, even though half of the attacks resulted in interruption of business. 7 in 10 firms said they had been sent fake invoices via email. Furthermore, 9 in 10 business leaders said cyber security was important, but only half had a formal strategy to protect themselves and only 2 in 10 had any form of cyber insurance.
Shockingly, 7 in 10 members had never heard of Action Fraud Aware, the UK’s national reporting centre for fraud and internet crime. 43% didn’t know where their data was physically located.
The IoD warned against a ‘cyber paradox’, stating that while business will increasingly take place online, companies will no longer feel confident in their data being secure.
Over the course of the previous year, 74% of organisations reported a loss. The panellists jokingly mentioned how the remaining 26% are yet to discover that they too, in fact, have been attacked and compromised. The average cost of an attack to a large organisation is £1.5 million, while the average cost faced by SMEs is somewhere around £300,000.
Probably the most shocking statistic that came out was the fact that the average time to detect an attack is 200 days. So even if companies try and get proactive, they might discover they have been attacked long after the attacker is gone from their systems. The only way to bring that number down is through proactive and live monitoring of all systems and information assets.
Some of the actions that businesses can take to get cyber smart include creating a cyber security strategy, raising awareness amongst staff, through training and education, of the different methods used to commit cybercrime, installing software that keeps them and their customers’ details safe and investing in cyber insurance that includes reputational damage as well.
While most of these methods are reactionary, one of the most important thing any organisation can do is to have a 24/7 vision on their business activities from a security perspective. One such service, provided by Transputec, gives 24/7 security assurance to businesses big and small.
2016 promises to be an interesting year, with newer technologies coming into focus such as Virtual Reality (VR) or the Internet of Things (IoT). Cyber attackers too, are finding new and unique ways of compromising businesses and committing fraud. Cyber Security is an issue that must be at the forefront of every board discussion.
If you want to know more about how you can secure your business or reduce the time for cyber threat detection, please go to our Security Page. To discuss this more, feel free to contact me at firstname.lastname@example.org or on 0208 584 1400.