BCC: 42% of big businesses hit by cyber security attacks

Cyber security incidents affect every business, and the threat is only increasing as criminals find innovative ways of circumnavigating defences. 

While all organisations are at risk, new research from the British Chambers of Commerce (BCC) indicates that large companies are the most likely to suffer the financial and reputational damage associated with a breach. 

All organisations at risk

BCC figures show that one-fifth of the 1,200 businesses polled said they had fallen victim to a cyber attack within the last 12 months. However, the results were heavily skewed towards big businesses; 42 per cent of enterprises with more than 100 staff reported an incident. 

This compared with just 18 per cent of respondents whose business employed fewer than 100 people. Overall, 21 per cent of those surveyed believed cyber security issues were having a direct impact on organisational growth. 

“Cyber attacks risk companies’ finances, confidence and reputation, with victims reporting not only monetary losses but costs from disruption to their business and productivity,” said BCC director-general Dr Adam Marshall. 

“While firms of all sizes – from major corporations to one-man operations – fall prey to attacks, our evidence shows that large companies are more likely to experience them.”

Responding to an incident

According to the survey, the majority of businesses (63 per cent) turn to an IT service provider to help them recover after a breach, while just two per cent report the matter to the police. Twelve per cent ask their bank or financial provider for help. 

Meanwhile, less than one-quarter of organisations have cyber security accreditations in place, with the figure dropping to just 15 per cent for businesses with between one and four employees. 

The news comes soon after the UK government published a new report into cyber security breaches in the country, which revealed that nearly three-quarters of business leaders feel it is a high-priority issue. 

Nevertheless, only 11 per cent had an incident management plan implemented, while just one-third had a formal policy addressing cyber risks. 

The GDPR looms

Dr Marshall said more businesses are likely to evaluate their cyber defences over the coming months as they prepare for the introduction of the General Data Protection Regulation (GDPR) in May 2018. 

“Firms that don’t adopt the appropriate protections leave themselves open to tough penalties,” he warned. 

The fines for contravening the GDPR could equal four per cent of revenue or €20 million (£17.2 million), whichever is higher. 

The Information Commissioner’s Office has already announced that it will be hiring 200 new staff in order to help businesses comply with the regulation. 

Do organisations need more help?

Dr Marshall believes organisations should receive more guidance from police and the government on how to respond when breaches occur. 

His comments take on new relevancy in the wake of the international WannaCry ransomware attack that struck a number of high-profile names, including the UK’s NHS. 

The government’s Cyber Security Breaches Survey found that just four per cent of organisations have sought information from public sector agencies regarding attacks on their systems, indicating awareness remains a problem. 

“Accreditations can help businesses assess their own IT infrastructure, defend against cyber-security breaches and mitigate the damage caused by an attack,” Dr Marshall stated. 

Organisations can also strengthen their defences by recruiting cyber security experts with the right skills and experience to tackle increasingly sophisticated threats. 

Our 2017 Market Report combines our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.

Image: weerapatkiatdumrong via iStock