The Government has surveyed UK businesses to find out how they approach cyber security. The 2017 survey again highlights that virtually all UK businesses covered by the survey are exposed to cyber security risks. Since 2016, the proportion with websites (85%) or social media pages (59%) has risen (by 8 and 9 percentage points respectively), as has the use of cloud services (from 49% to 59%). This year’s survey also establishes that three-fifths (61%) hold personal data on their customers electronically.
In this context, three-quarters (74%) of UK businesses say that cyber security is a high priority for their senior management, with three in ten (31%) saying it is a very high priority. The proportion noting it as a very low priority is lower than in 2016 (down from 13% to just 7%) – a change mainly seen among the micro and small business population. IT security experts from ESET, Thales e-Security, Palo Alto Networks and Veracode commented below.
Mark James, IT Security Specialist at ESET:
With the emphasis on prevention and awareness more people are realising they can help and it’s not just the job of the “IT” department. With so much of our business and personal lives being digital these days we are encountering cyber-attacks in so many more ways, either through our day to-day jobs, social networks, email or web browsing, the attack is relentless. But this report shows we are seeing signs of increased spending in resources, hiring of experienced personnel and a better understanding of how and why we need to invest today to protect tomorrows data, it’s the only way we will win.”
Peter Carlisle, VP of EMEA at Thales e-Security:
“Businesses today inevitably confront an increasingly complicated threat landscape and therefore need to invest in privacy-by-design defence mechanisms – such as encryption – to protect valuable data and intellectual property.
“With less than a third (29%) of companies having assigned a specific board member to be responsible for cybersecurity, boards must be more active and view security as a business enabler that facilitates digital initiatives and builds trust between partners and customers, rather than treating cybersecurity as a mere passing thought.”
Greg Day, VP & Chief Security Officer, EMEA at Palo Alto Networks:
Chris Campbell, Solution Architect at Veracode:
“With web application vulnerabilities acting as the single biggest source of data loss over the past year, it is key that businesses need to be looking beyond the security of their own internally-developed application, to those of their suppliers – especially given that recent research has demonstrated that internally developed applications actually had a better security policy pass rate than those developed by a commercial third party (37 per cent vs 28 per cent).
“However, enforcing cybersecurity standards needn’t aggravate or put greater pressure on suppliers. A number of manufacturing companies that we work with, for example, are using their own security standards to help their suppliers improve their overall application security processes – even paying the third-party licence fee to enable them to become compliant with their company security policy.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.