The Government has surveyed UK businesses to find out how they approach cyber security. The 2017 survey again highlights that virtually all UK businesses covered by the survey are exposed to cyber security risks. Since 2016, the proportion with websites (85%) or social media pages (59%) has risen (by 8 and 9 percentage points respectively), as has the use of cloud services (from 49% to 59%). This year’s survey also establishes that three-fifths (61%) hold personal data on their customers electronically.
In this context, three-quarters (74%) of UK businesses say that cyber security is a high priority for their senior management, with three in ten (31%) saying it is a very high priority. The proportion noting it as a very low priority is lower than in 2016 (down from 13% to just 7%) – a change mainly seen among the micro and small business population. IT security experts from ESET, Thales e-Security, Palo Alto Networks and Veracode commented below.
Mark James, IT Security Specialist at ESET:
“There are certainly some positives coming from this report, with cybercrime getting worse year on year it’s good to see companies taking notice and awareness expanding. The only way we are going to fight malware and cyber threats is working together. That means having the right software and or hardware installed and updated, expertise at hand, training and awareness of current threats. Cyber security is everyone’s problem from the smallest corner shop right through to large scale corporations they all form an integral part of its distribution and therefore can help combat it.
With the emphasis on prevention and awareness more people are realising they can help and it’s not just the job of the “IT” department. With so much of our business and personal lives being digital these days we are encountering cyber-attacks in so many more ways, either through our day to-day jobs, social networks, email or web browsing, the attack is relentless. But this report shows we are seeing signs of increased spending in resources, hiring of experienced personnel and a better understanding of how and why we need to invest today to protect tomorrows data, it’s the only way we will win.”
Peter Carlisle, VP of EMEA at Thales e-Security:
“Britain’s businesses simply cannot continue to treat cybersecurity as a box-ticking exercise and risk falling foul to harmful attacks. This study highlights just how vulnerable the business community remains to data breaches.
“Businesses today inevitably confront an increasingly complicated threat landscape and therefore need to invest in privacy-by-design defence mechanisms – such as encryption – to protect valuable data and intellectual property.
“With less than a third (29%) of companies having assigned a specific board member to be responsible for cybersecurity, boards must be more active and view security as a business enabler that facilitates digital initiatives and builds trust between partners and customers, rather than treating cybersecurity as a mere passing thought.”
Greg Day, VP & Chief Security Officer, EMEA at Palo Alto Networks:
“The DCMS annual Cyber Security Breaches Survey 2017 shows that more than one in five (22%) businesses say senior managers never get an update on cybersecurity and, at best, under a fifth (18%) get a quarterly update. This is concerning when we know many business and IT leaders want cybersecurity to be moving up the boardroom agenda in order to address cyber threats. The finding reflects our own research, which highlighted cybersecurity professionals were confident within themselves, but felt it difficult to engage with senior management on cybersecurity issues. To prevent successful breaches today and to prepare UK business for significant changes in security regulations in only 12 months’ time, it is vital that we bring leadership teams together. There are many simple steps that can be taken, including adding more cybersecurity talent on boards and efforts to get both sides talking a common language on the issues involved. We’re confident organisations will rise to the challenge but it is vital they take a preventative approach and that some advance their strategies more aggressively than the DCMS report suggests.”
Chris Campbell, Solution Architect at Veracode:
“While one fifth of British organisations are concerned about their suppliers’ cyber security, just 13 per cent indicated in this year’s Cyber Security Breaches Survey that they require their suppliers to adhere to specific cyber security standards or good practice.
“With web application vulnerabilities acting as the single biggest source of data loss over the past year, it is key that businesses need to be looking beyond the security of their own internally-developed application, to those of their suppliers – especially given that recent research has demonstrated that internally developed applications actually had a better security policy pass rate than those developed by a commercial third party (37 per cent vs 28 per cent).
“However, enforcing cybersecurity standards needn’t aggravate or put greater pressure on suppliers. A number of manufacturing companies that we work with, for example, are using their own security standards to help their suppliers improve their overall application security processes – even paying the third-party licence fee to enable them to become compliant with their company security policy.”