Last updated: 04.09.17

Are British businesses sufficiently prepared for the threat of cyber attacks?

The rapid evolution of technology over the last few years means that more organisations than ever before are now reliant on digital data and sophisticated IT systems to aid the running of their day-to-day operations. Naturally, this has led to countless advantages - but it has also created numerous potential risks.

Among these, the most prominent danger is unquestionably the threat of cyber attacks and data breaches, with criminals developing ever more sophisticated tools for bringing down crucial systems and gaining access to confidential information. Falling victim to this kind of attack can result in significant disruption, financial losses and potentially irreparable reputational damage.

Of course, these facts are widely known by most British businesses - and yet, evidence continues to suggest that many companies are still falling short when it comes to protecting themselves against cyber attacks. With criminal activity on the rise, it is becoming increasingly vital that bosses take action now, or risk paying a high price.

Failing to back up intent with action

The scale of the current problem was recently highlighted by a UK government report that surveyed the UK's 350 biggest companies as part of a yearly cyber health check. Although 54 per cent recognised cyber threats as a leading business risk, 68 per cent of boards said they had not received any training on how to deal with a cyber incident.

Moreover, only 31 per cent of boards had received any comprehensive cyber risk information, while ten per cent are operating without any response plan for a cyber incident in place.

Charities just as vulnerable as businesses

The Department for Digital, Culture, Media and Sport pointed out that it is not just private sector businesses that are vulnerable to cyber attacks, as many charity organisations are also failing to take their data protection responsibilities seriously enough.

Many of the charity staff surveyed confessed to not being well-informed on the subject, with even those in charge of cyber security neglecting to proactively seek out information. Instead, they rely on outsourced IT providers to deal with threats - despite recognising the importance of protecting the personal data of donors or service users.

Lack of preparation for new regulations

The continued risk that cyber attacks pose to organisations of all kinds has prompted lawmakers to introduce new legal measures to tackle the problem, including the Europe-wide General Data Protection Regulation (GDPR), which comes into effect on May 25th 2018.

With GDPR set to also become part of British law via a new Data Protection Bill, it is essential for all UK organisations to conform to the new regulations. The cyber health check report revealed that 97 per cent of firms are aware of the legal change, but also that many are not yet ready. Some 71 per cent said they were only somewhat prepared to meet the GDPR requirements, with only six per cent being fully prepared, while a mere 13 per cent said GDPR was regularly considered by their board.

Taking steps towards improvement

Despite some of the concerning trends highlighted, the report also offered some cause for encouragement. For example, 53 per cent of company boards are now setting out their approach to cyber risks - up from 33 per cent last year - while 57 per cent now have a clear understanding of the impact of a cyber attack, up from 49 per cent in 2016.

Clearly, awareness of the need for a more holistic approach to developing IT security systems, policies and guidelines is emerging, but in order for this to be translated into tangible benefits, organisations need to educate themselves and their staff further.

The government is looking to aid this process by offering free online advice and training schemes to help businesses protect themselves, but bosses should also be looking to take the initiative by looking at ways to overhaul their security culture and the way they protect key data assets, backed up by training to ensure they have the buy-in of staff at all levels.

In doing so, companies can make sure they are fully compliant with the latest regulations and insulated against the kind of threats that can cause significant damage - meaning they can enjoy all the benefits of running a digital organisation without worrying about the downsides.

Summary: A new report has demonstrated that many British businesses are still not ready to deal with the threat of cyber attacks, despite the increasingly significant risks such incidents can pose.


Related resources