How UK businesses may be failing on cyber security

Cyber security remains one of the biggest threats to businesses as we head into 2017, but are UK organisations taking the issue seriously enough, especially considering heavy media coverage of recent data breaches?


Earlier this month, Yahoo! admitted that one billion user accounts were compromised in August 2013, making it the largest hack of its kind in history. The beleaguered search engine had already announced earlier this year that the details of 500 million accounts were put at risk in a similar breach in 2014.


The company is just one of many multinational businesses that have fallen victim to increasingly sophisticated cyber criminals over the last few years.


But global enterprises are not the only targets; organisations of all sizes are at risk of financial and reputational damage from poor cyber security practices.

IT departments overburdened

Sadly, a recent survey from Office Depot showed nearly three-quarters (74 per cent) of UK IT managers believe their company isn’t doing enough to combat potential cyber security threats. Furthermore, 81 per cent wanted more time and resources to effectively deal with these problems.


One of the key complaints was that senior IT staff said one-third of their time was spent on low-level hardware and software issues, which prevented them from addressing more complex tasks such as data security.


“Empowering senior IT staff to address the complex challenges posed by cyber security threats and legislation surrounding data protection must be a priority for businesses,” stated head of managed print services at Office Depot Rob Jones.


Office Depot wasn’t the only organisation to highlight the UK’s shortcomings in tackling cyber security problems. RiskIQ research found one-third of businesses in the country don’t have a dedicated cyber security programme across their web, mobile and social media platforms.


This is despite 82 per cent of senior executives claiming they are concerned about vulnerabilities. According to RiskIQ, organisations are therefore missing out on a crucial opportunity to detect cyber security threats before they have a significant impact on the business and its customers.

Are boards aware of risks?

More than 80 per cent of respondents to the RiskIQ study agree cyber security is a boardroom concern, while nine in ten claim the risk of an attack is equal to or more prevalent than five years ago.


Unfortunately, some businesses may overestimate their capabilities, with 88 per cent saying they had ‘good’ or ‘excellent’ cyber security knowledge. However, 25 per cent either didn’t monitor their digital channels for threats or weren’t sure if they did.


Ben Harknett, vice-president of EMEA at RiskIQ, said: “Our research shows that while organisations are advancing their use of digital channels, security is once again playing catch up.


“This lag results in increased digital risk which could impact the success of those channels.”


The biggest concern for businesses was customer data exposure, with 58 per cent of respondents citing this as their top fear. Brand and reputational damage (51 per cent) and phishing and malware attacks (40 per cent) ranked second and third respectively.


Nearly 40 per cent of respondents said cyber security and brand protection problems are preventing them from proceeding with digital initiatives.

A proactive approach to cyber security

The news comes just weeks after the UK government launched a £1.9 billion National Cyber Security Strategy to strengthen the country’s defences against malicious behaviour.


However, organisations must also make their own efforts to address weaknesses within their operations to ensure their data and other assets are protected against cyber criminals.


The cost of security failings continues to grow in the UK, as PwC’s 2015 Information Security Breaches Survey revealed large organisations pay between £1.46 million and £3.14 million to resolve the worst data incidents.


Small and medium-sized businesses are also spending more after breaches, with less serious events costing approximately £75,000, while devastating attacks can require as much as £311,000 to put right.


“With cyber security hot on the agenda, the role of the IT professional has become stretched. Investing in a team and infrastructure to address evolving technology needs now will pay dividends in the long run,” said Mr Jones.


As such, organisations must search for skilled cyber security professionals who can identify and mitigate potential threats. These individuals are highly sought after, with Barclay Simpson research showing earlier this year that 68 per cent of security departments are finding it difficult to recruit.


Businesses may need to ensure they offer attractive remuneration packages and career opportunities to entice the best candidates, but this short-term cost is likely to result in significant long-term gains.


Our Market Reports combine our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.


Image: iStock via kutubQADNFCR-1684-ID-801830502-ADNFCR