UK Businesses Often Lack Cybersecurity Plans, IoD Survey Shows

Cybersecurity is an important consideration for many UK businesses, yet the majority lack plans to identify and mitigate cyberthreats, according to a recent survey conducted by the Institute of Directors (IoD).

The senior business leadership and entrepreneurship organization found 95 percent of survey respondents consider cybersecurity to be very or quite important to their companies. However, the IoD also indicated 45 percent said they do not have a formal cybersecurity strategy in place.

"This report has revealed that business leaders are still putting cybersecurity on the back burner – and the results, even for small- to medium-sized businesses, could be catastrophic," the IoD wrote in its report.

A Closer Look at the Survey Results

Key findings from the IoD survey included:

  • 44 percent of UK businesses noted they have developed cyber awareness training, but many leave gaps of more than a year between their training program updates.
  • Roughly 40 percent said they do not know who to contact if they are the victim of a cyberattack.
  • Less than one-third stated they use virtual private networks (VPNs).

The number of cybersecurity incidents has increased over the past year, and there are no signs that cyberthreats are going to slow down any time soon, the IoD stated. As such, businesses must create cybersecurity plans and training programs, or risk data loss due to cyberattacks and human error.

"Small, medium and large firms need to consider the best way to protect themselves against what might be the defining challenge for business in the 21st century," the IoD wrote in its report.

Practical Steps to Deal with Cyberthreats

The IoD offered the following steps to help UK businesses deal with cyberthreats:

  1. Prepare for the EU General Data Protection Regulation (GDPR). The GDPR was enacted last year to streamline data privacy laws across Europe. Businesses must comply with the GDPR by May 25, 2018 or could face heavy fines.
  2. Train board members and directors. A cyber awareness training program can teach board members and directors about phishing, ransomware and other cyberthreats.
  3. Run a cyberattack simulation. Senior managers can use a cyberattack simulation to determine the best ways to deal with cyberthreats.
  4. Offer regular cyber awareness training to staff members. All employees should receive periodic cyber awareness training so they can stay up to date on new and evolving cyberthreats.
  5. Examine cloud and server suppliers closely. Collaborate with proven, trusted cloud and server suppliers to minimize the risk of cyberthreats.
  6. Evaluate cyber insurance options. Cyber insurance may prove to be exceedingly valuable to protect a business against liability if it suffers a data breach.
  7. Provide incentives to employees. Offering incentives to employees who identify cyberthreats may help a business reduce the risk of cyberattacks.

Although most of the UK business community knows about cyberthreats, few business leaders understand what it takes to address and mitigate these problems, the IoD noted. But businesses that allocate the necessary time and resources to learn about cyberthreats can embrace new technologies and capitalize on the growing digital economy.

"The digital world presents many opportunities for business, not least reduced costs, often a better customer experience, and an ability to trade globally," the IoD wrote in its report. "These are exciting times, but we must ensure we are secure while we push forward into the 21st century."

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.