A worrying number of UK businesses have no formal plan to protect their business from a cyber-attack and the number of companies preparing themselves has not improved from a year ago. This is according to a new survey report from the Institute of Directors (IoD) and Barclays.
Although almost all companies (94 percent) think security of their IT systems is important, however only half (56 percent) have a formal strategy in place to protect their devices and data, unchanged in the last year.
The report, ‘Cyber security: Ensuring business is ready for the 21st century’, shows that despite a number of high-profile cyber-attacks over the last year, more than a third (37 percent) of IoD members lead or work in organizations without a formal cyber security strategy, and in the event cybercrime was to hit their business, 40 percent would not know who to report it to.
The new General Data Protection Regulation, which comes into effect in next May, will make companies much more accountable for their customers’ data. The IoD and Barclays are urging business leaders to step up their preparations now.
The UK Government has made positive steps in the last year to protect business and consumers, particularly by founding the National Cyber Security Centre, the report said. By bringing together several different agencies, and placing the centre within GCHQ, the UK authorities are well-placed to detect and understand cyber threats. For businesses, however, ultimate responsibility will always lie in the boardroom. The report reveals almost half of UK firms (44 percent) don’t have any cyber awareness training for their employees. The IoD is calling on companies to increase cyber training for directors and employees, and run attack simulations, to make sure security systems are robust.
Stephen Martin, Director General of the Institute of Directors, said:
“The UK is a leader in the digital economy, but if we are to build on our existing strengths and capitalise on new technologies, we have to go into the future with our eyes open to the risks. This report has revealed that business leaders are still putting cyber security on the back burner. The results, even for small and medium-sized businesses, could be catastrophic.
“With threats evolving all the time, and demanding new regulations just around the corner, we cannot afford another year of complacency from business. Now is the time for firms to test their defences and make sure all of their employees, including management, have the right skills and knowledge on cyber security. This isn’t an IT issue, it’s a business survival issue.”
