- 70% of UK businesses faced a data breach in the past year; 11% dealt with more than 10 attacks
- Over half say human error is a major contributor to security risks
- CompTIA to launch CyberSecure: cybersecurity training for entire organisations to combat preventable data breaches
70 per cent of UK businesses have been subjected to at least one security breach over the past year, with some companies experiencing frequent attacks on their systems, new research has revealed.
The findings come from CompTIA’s International Trends in Cybersecurity, which surveyed over 1,500 organisations of all sizes in 12 countries and 125 based in the UK who self-reported their experiences with security breaches and incidents. The research identifies the key issues affecting businesses when it comes to cybersecurity and how they are addressing these.
Whilst UK businesses are facing less security breaches than the global average (70% compared to 73%), they are dealing with more consistent attacks on their systems, with 11% of British businesses being breached more than 10 times in a year, two percentage points higher than the international average.
Graham Hunter, Vice President, Skills Certification, Europe and Middle East at CompTIA, said of the research: “It is alarming to see that so many UK organisations are facing security attacks. Companies are becoming ever more reliant on computer systems and data, and hackers are aware of this, which is one of the reasons that attacks are increasing. There is valuable data here that attackers can exploit and businesses need to ensure that this information is secure.”
Businesses cannot just focus on the threat of outside data breaches, and a holistic approach must be taken to cybersecurity, focussing both on internal and external risks to data.
Hunter continued: “Although external threats to an organisation’s information must be tackled, it is important not to forget that data is still under risk from inside a company as well. The report highlights this, with 60% of UK responses indicating that human error is a major contributor to security, with general carelessness and IT staff failure to follow policies being the main cause of this.”
The way to combat this is through education, making sure that all of a business’s staff are aware of the value of its data and understand what they need to do to ensure that this information remains safe. To help prevent the increasing number of attacks caused by human error, CompTIA will soon launch its CyberSecure educational programme in the UK. CyberSecure is designed to be a part of HR training programmes and give every employee, from a CEO to office cleaner, a fundamental understanding of cyber security and how their everyday actions could lead to a data breach.
Hunter continued “Focusing on fostering security skills through tools like CyberSecure will enable organisations to be more confident that their staff have the tools needed to prevent documents and personal information falling into the wrong hands.”
Fortunately, organisations are already taking steps to ensure that their data is secure, with the research showing that 66% of those surveyed expect cybersecurity to become a higher priority over the next two years. While many firms are already using some type of security training to improve security knowledge amongst employees, only 27% of organisations rate the training as extremely effective. The introduction of new EU Data Regulations is likely to renew this effort in the near future.
Hunter explained: “The incoming regulations from the European Union will play a big role in how businesses shape their security practices in the future. Once the laws are implemented in spring 2018, companies that are not meeting standards will face heavy fines, meaning UK businesses will have to put security at the top of the agenda going forward and it’s positive to see most are already taking steps to do this.”
“Data threats will continue to plague companies and attackers are always going to be looking for ways to gain access to information and use this against businesses.” Hunter continued. “While this may be unavoidable, steps can be taken to prevent data being accessed or leaked. Businesses must ensure that they have all of the tools and knowledge at their disposal to prevent breaches both externally and internally. CompTIA has developed a number of tools and resources to help businesses achieve security best practice, and improve their security offering to clients.
[su_box title=”About CompTIA” style=”noise” box_color=”#336588″][short_info id=’68723′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.