How vulnerable are British businesses to the risk of cyber-threat? How often are networks infiltrated by malicious intruders? The answer according to the government is that business are now more at risk than ever before, and they are encouraging businesses to take proactive steps to protect themselves against those who would exploit their vulnerabilities. Why has this suddenly become such a hot topic? Well, because research commissioned by the Government has revealed that 87 per cent of all UK SMEs and 93 per cent of firms with more than 250 staff had experienced at least one security breach in 2012.
These statistics are taken from the 2013 Information Security Breaches Survey report, published by the Department for Business, Innovation and Skills. The study also found that there was a growing trend in the average number of security breaches UK firms are experiencing. What’s more the report also said that the “average cost of respondents’ worst breach of the year has never been higher”, with large firms’ average worst security breach costing the firm between £450,000 and £850,000, and SME’s on average £35,000-to-£65,000. In some cases individual security breaches cost firms more than £1 million, it claimed.
Obviously it is incumbent of businesses to take every possible precaution to protect themselves and their assets and to put in place reliable and resilient security systems which minimise the risk of security breaches. The majority of businesses will turn to IT intrusion protection experts to secure their networks, however, Pinsent Masons, the law firm behind Out-Law.com is encouraging business to go one step further and to take out insurance policies to cover any potential risk. According to the company’s insurance data risk and cyber liability specialist, Ian Birdsey, the worrying escalation of cyber threat identified in the report should prompt firms to take action to ensure their networks are adequately protected from intrusion and also take out insurance policies to mitigate the risks they would be exposed to in the event of a cyber-attack:
“The report has revealed that just 51 per cent of small businesses in the UK have formal incident response plans in place to follow in the event of a security breach, albeit the figure is up from 40 per cent the previous year,” Birdsey said. “This compares to 94 per cent of large organisations, and indicates that smaller companies, such as those involved in online retail, may be ill-prepared in the increasingly likely event that they are the victims of a cyber-security breach.”
According to the 2013 Information Security Breaches Survey report, businesses in the retail sector on average spend just 3.8 per cent of their IT budgets on security: the lowest percentage of all the listed sectors in the report. At the other end of the scale, it noted that Government bodies and telecoms firms spend 12.6 per cent of their IT budget on security on average. Understanding risk management and addressing the increasing problem of cyber-threat are critical issues that all businesses must address according to the Minister for Universities and Science, David Willets. He claimed that businesses need to take action sooner rather than later to ensure their network security systems are robust and protected from vulnerabilities:
“This year’s survey clearly demonstrates the damage being done to UK companies in cyberspace. Understanding the risks is critical in addressing the challenge of how to manage them. Proactive management of risks represents a competitive advantage; effective cyber security is good for business.”
If your business needs help with security reviews, penetration testing or web security solutions, please contact Krypsys on 01273 044072 or [email protected].