Survey: Nearly Half of UK Businesses Suffered Breach, Attack In Past 12 Months
Cybersecurity represents a top priority for many senior managers in the UK, which is reflected in a recent survey conducted by market research company Ipsos MORI.
The Ipsos MORI “Cyber Security Breaches Survey 2017” of 1,523 UK businesses showed 74 percent of respondents said cybersecurity is a “high priority” for senior management.
In addition, 31 percent indicated cybersecurity is a “very high priority,” and 7 percent stated cybersecurity is a “very low priority.”
A Closer Look at the Survey Results
The Cyber Security Breaches Survey revealed nearly all UK businesses are exposed to cybersecurity risks – a trend that appears likely to continue over the next few years.
Key survey findings included:
- 67 percent of survey respondents have spent money on cybersecurity.
- 57 percent have attempted to identify cybersecurity risks to their organization.
- 46 percent are exposed to the cybersecurity risks of bring-your-own-device (BYOD).
- 46 percent have identified at least one cybersecurity breach or attack in the last 12 months.
The survey showed the most common types of cybersecurity breaches involve:
- Staff receiving fraudulent emails (72 percent of cases where businesses identified a cybersecurity breach or attack).
- Viruses, spyware and malware (33 percent).
- People impersonating an organization in emails or online (27 percent).
- Ransomware (17 percent).
Also, businesses that hold electronic personal data on customers are more likely than average to suffer cybersecurity breaches (51 percent versus 46 percent), according to the survey.
Cybersecurity Challenges and Recommendations
The survey indicated UK businesses often face the following cybersecurity challenges:
- Lack of information and guidance. The UK government provides information and guidance to help businesses identify and address cybersecurity threats, but few companies have sought out this support.
- Lack of certification. Many UK businesses use firewalls, patched software and other technical controls to contain cybersecurity threats. Yet few businesses are aware that they can be certified for having a full range of cybersecurity controls in the government-endorsed Cyber Essentials scheme.
- Lack of training. Cybersecurity training is uncommon in most UK businesses and may be offered only to IT staff.
To overcome these cybersecurity challenges, Ipsos MORI offered the following recommendations:
- Raise awareness about cybersecurity dangers. “In addition to having good technical controls and governance measures in place, awareness raising and education across all staff – not just specialist IT staff – is important in helping businesses to avoid the most common breaches,” Ipsos MORI noted in its survey report.
- Empower senior managers with cybersecurity insights. Senior managers frequently serve as cybersecurity decision-makers but fail to understand the consequences of cybersecurity threats. Teaching senior managers about all aspects of cybersecurity can help a business develop cybersecurity best practices.
- Identify cybersecurity risks that fall outside an organization. Most UK businesses do not require suppliers to adhere to specific cybersecurity standards. Businesses need to consider cybersecurity risks outside of their own environments – including risks exposed by customers and suppliers being breached.
Cybersecurity affects UK businesses of all sizes and across all sectors, Ipsos MORI pointed out. Ultimately, businesses that prioritize cybersecurity can discover the best ways to detect and manage cybersecurity threats effectively.