
Brian Pennington

A blog about Cyber Security & Compliance

Tag

Department for Business Innovation and Skills

Cost of business cyber security breaches almost double

Information security breaches affecting UK business have decreased over the last year but the cost of individual breaches has almost doubled. 

The number of information security breaches affecting UK businesses has decreased over the last year but the scale and cost of individual breaches has almost doubled. 

The Information Security Breaches Survey 2014, commissioned by the Department for Business, Innovation and Skills (BIS) and carried out by PwC, found:

  • 81% of large organisations suffered a security breach, down from 86% a year ago
  • 60% of small businesses reported a breach, down from 64% in 2013

Although organisations are experiencing fewer breaches overall, the severity and impact of attacks have increased, with the average cost of an organisation’s worst breach rising significantly for the third consecutive year. For small organisations the worst breaches cost between £65,000 and £115,000 on average and for large organisations between £600,000 and £1.15 million.

The majority of businesses have increased IT security investment over the last year.

Universities and Science Minister David Willetts said:

“These results show that British companies are still under cyber attack. Increasingly those that can manage cyber security risks have a clear competitive advantage. Through the National Cyber Security Programme, the government is working with partners in business, academia and the education and skills sectors to equip the UK with the professional and technical skills we need for long-term economic growth.”

Andrew Miller, cyber security director at PwC, said:

“Whilst the number of breaches affecting UK business has fallen slightly over the past year the number remains high and in many companies more needs to be done to drive true management of security risks. Breaches are becoming more sophisticated and their impact more damaging. Given the dynamic nature of the risk, boards need to be reviewing threats and vulnerabilities on a regular basis. As the average cost of an organisation’s worst breach has increased this year, businesses must make sure that the way they are spending their money in the control of cyber threats is effective. Organisations also need to develop the skills and capability to understand how the risk could impact their organisation and what strategic response is required.”

70% of companies that have a poor understanding of security policy experienced staff-related breaches, compared to only 41% in companies where security is well understood. This suggests that communicating the security risks to staff and investing in ongoing awareness training results in fewer breaches.

The survey also found that there has been an increase in the number of businesses which are confident that they have the skills required within their organisations to detect, prevent and manage information security breaches, up to 59% from 53% last year.

Ensuring that we have the cyber skills capability to meet the evolving needs of businesses is a key objective of the UK’s National Cyber Security Strategy. Earlier this year (2014), the government unveiled a raft of new proposals to meet the increasing demand for cyber security skills. These include a new higher-level apprenticeship, special learning materials for 11 to 14 year-olds and plans to train teachers to teach cyber security.

Earlier this year (2014) the government launched a new scheme to help businesses stay safe online. Cyber Essentials provides clarity to organisations on what good cyber security practice is and sets out the steps they need to follow, to manage cyber risks. From this summer (2014) organisations that have complied with the best practice recommendations will be able to apply to be awarded the Cyber Essentials Standard. This will demonstrate to potential customers that businesses have achieved a certain level of cyber security and take it seriously.

The press release can be found here

Small firms lose up to £800 million to cyber crime a year

New research from the Federation of Small Businesses (FSB) shows that cyber crime costs its members around £785 million per year as they fall victim to fraud and online crime.

The report shows:

  • 41% of FSB members have been a victim of cyber crime in the last 12 months, putting the average cost at around £4,000 per business.
  • Around 30% have been a victim of fraud, typically by a customer or client (13%) or through ‘card not present’ fraud (10%).

For the first time, the FSB has looked at the impact that online crime has on a business. The most common threat to businesses is virus infections, which 20% of respondents said they have fallen victim to; 8% have been a victim of hacking and 5% have suffered security breaches.

The FSB is concerned that the cost to the wider economy could be even greater as small firms refuse to trade online believing the security framework does not give them adequate protection. Indeed, previous FSB research shows that only a third of businesses with their own website use it for sales.

The report also finds:

  • almost 20% of members have not taken any steps to protect themselves from a cyber crime
  • 36% of respondents say they regularly install security patches to protect themselves from fraud
  • almost 60% regularly update their virus scanning software to minimise their exposure to online crime

In response to this, the FSB has developed 10 top tips for small firms to make sure they stay safe online:

  1. Implement a combination of security protection solutions (anti-virus, anti-spam, firewall(s))
  2. Carry out regular security updates on all software and devices
  3. Implement a resilient password policy (min eight characters, change regularly)
  4. Secure your wireless network
  5. Implement clear and concise procedures for email, internet and mobile devices
  6. Train staff in good security practices and consider employee background checks
  7. Implement and test backup plans, information disposal and disaster recovery procedures
  8. Carry out regular security risk assessments to identify important information and systems
  9. Carry out regular security testing on the business website
  10. Check provider credentials and contracts when using cloud services

Launching the report at an event in London today, Mike Cherry, National Policy Chairman, Federation of Small Businesses, said:

“Cyber crime poses a real and growing threat for small firms and it isn’t something that should be ignored. Many businesses will be taking steps to protect themselves but the cost of crime can act as a barrier to growth. For example, many businesses will not embrace new technology as they fear the repercussions and do not believe they will get adequate protection from crime. While we want to see clear action from the Government and the wider public sector, there are clear actions that businesses can take to help themselves.

“I encourage small firms to look at the 10 top tips we have developed to make sure they are doing all they can. We want to see the Government look at how it can simplify and streamline its guidance targeted specifically at small firms and make sure there is the capacity for businesses to report when they have been a victim of fraud or online crime.”

James Brokenshire, MP Parliamentary Under Secretary for Security, Home Office, said:

“Having personally been involved in the cyber security debate for several years now, I am pleased that the Home Office is working with the FSB to highlight the current experiences of small businesses.

“Cyber security is a crucial part of the Government’s National Cyber Security Strategy and we need to make sure that all businesses, large and small are engaged in implementing appropriate prevention measures in their business. This report will help give a greater understanding of how online security and fraud issues affect small businesses, giving guidance as well as valuable top tips to protect their business.”

David Willetts, MP Minister for Universities and Science, Department for Business, Innovation and Skills, said:

“The Department for Business, Innovation and Skills (BIS) published guidance in April 2013, ‘Small businesses: what you need to know about cyber security’, based on our comprehensive ‘10 Steps to Cyber Security’ guidance. This guidance sets out the current risks, how to manage these, and plan implementation of appropriate security measures.

“We know only too well of the importance of securing buy-in from both big and small business in implementing appropriate protection against cyber risks – business success can depend on it. Increasing security drives growth.

“I support all efforts, like the FSB’s, to provide clarity on the issues small businesses are facing, and more importantly, what they can do about them. I urge all small businesses to follow the FSB’s advice.”
