Earlier this year (Feb 3) the Public Accounts Committee stated that the Government needs to ‘raise its game’ on cyber attacks – now one of the top four risks to national security in the past six years.
It said that our ability to repel cyber attacks is undermined by skills shortages and 'chaotic' handling of personal data breaches. Alarmingly, Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure. Yes, it’s as basic as that.
Cyber attacks and cyber crime are not just a national security issue. Across the UK, businesses large and small are not taking this issue seriously enough, with under a third (28%) of cyber attacks being reported to the police, according to a report the IoD carried out with Barclays last year. It revealed that companies were keeping quiet about cyber attacks, even though half (49%) resulted in interruption of business operations. It states that the scale of the threat should not be underestimated, with over seven in ten firms saying they had been sent bogus invoices via email.
The survey of nearly one thousand IoD members showed a worrying gap between awareness of the risks and business preparedness. Whilst over 90% said that cyber security was important, only around half (57%) had a formal strategy in place to protect themselves and just a fifth (20%) held insurance against an attack. Worryingly, official efforts to tackle cybercrime seem to be failing to get through to businesses, with nearly seven in ten (68%) IoD members never having heard of Action Fraud Aware, the UK’s national reporting centre for fraud and internet crime.
The growing threat of breaches will create a ‘cyber paradox’, meaning that although business will increasingly take place online, firms will no longer feel confident in the encryption protecting sensitive information when it is transferred. This could lead to companies going back in time, and resorting to old-fashioned methods for sending important data.
Business needs to get real about the significant financial and reputational damage cybercrime can inflict. Increasingly we read of data breaches at our banks, service providers, such as telecoms, and online payment vehicles. These are the high end of the scale, often affecting hundreds of thousands of customers. But at the lower end of the scale, why are small businesses so slow in coming forward when their data is breached? As the report author Professor Richard Benham said, no shop owner would think twice about calling the police if they were broken into, yet many businesses don’t seem to think a cyber break warrants the same response.
Cyber crime is not an IT department problem. You should have a strategy in place, be it as simple as ensuring strong passwords are used and regularly changed, regularly updating software, providing staff awareness and training and making yourself familiar with many of the Government cyber guides that are available, such as Cyber Essentials.
As one of the major threats to business continuity and reputation in the 21st century, it’s now a boardroom issue.
By Helen Lacey, IoD Somerset Chairman