UK businesses failing basic security measures

Government survey finds that British firms and charities don't do the fundamentals

Britain's business are still ignoring basic security fundamentals, with almost half failing to implement foundational security protections.

This is according to the annual Cyber Security Breaches Survey, conducted by the Department for Digital, Culture, Media and Sport to assess the security awareness and preparedness of businesses in the UK, which found that many UK companies are not following the basic security steps laid out as part of the government's Cyber Essentials scheme.

Advertisement - Article continues below

The Cyber Essentials scheme allows organisations to obtain an independent accreditation for applying five key security practices, including maintaining properly-configured firewalls, running antivirus software, applying patches in a timely manner, limiting IT admin rights to specific users and applying security policies to corporate devices.

While these are basic steps, just 50% of the businesses surveyed as part of the report were implementing all five within their organisation. The number was even lower for charities, with less than a third reporting that they had applied all five measures.

"The number of businesses making cybersecurity a priority has increased year-on-year, but this survey shows that there is still a long way to go in addressing the very basics," said Tony Pepper, CEO of file-sharing firm Egress.

"The fact that almost 50% of businesses haven't implemented the government's five basic technical controls from Cyber Essentials is concerning, especially as we approach GDPR. From 25 May, a business that is breached will have to prove that it did everything it could to protect sensitive data, so ticking these five boxes is key."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Alarmingly, 68% of Britain's charities spent no money whatsoever on cyber security during the previous financial year, and neither did one-third of businesses. This includes outsourced security services, staff training and technology investment.

Of the organisations that did invest in security protections, the vast majority were motivated predominantly by a desire to protect the data of customers and donors, with 47% of businesses and 62% of charities citing this as the biggest factor.

Despite the comparatively low level of investment in security by many organisations, three-quarters of businesses believe that they have enough cyber security professionals within the company to deal with any risks, and 70% believe that these employees have the correct skills to do so.

This apparently signifies a certain level of over-confidence, judging by the fact that 43% of all businesses experienced an attack or breach over the last 12 months, with almost one in 10 businesses being hit multiple times per day.

Advertisement - Article continues below

"While it's troubling to hear that almost half of UK businesses have experienced a cyber attack in the past year, the actual volume of these incidents is likely considerably higher," said Gemalto's CTO and former ethical hacker, Jason Hart. "In fact, we've seen from our Breach Level Index that almost as many data incidents are caused by accidental loss, as malicious outsiders."

Picture: Bigstock

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/technology/30736/what-is-ethical-ai
Technology

What is ethical AI?

8 Apr 2020
Visit/security/cyber-security/355210/cyber-criminals-torn-over-how-to-adapt-to-post-coronavirus-threat
cyber security

Hackers torn over how to adapt their tactics to the coronavirus pandemic

3 Apr 2020
Visit/business-strategy/31780/the-it-pro-panel
Business strategy

The IT Pro Panel

24 Feb 2020
Visit/careers/28212/a-guide-to-cyber-security-certification-and-training
Careers & training

A guide to cyber security certification and training

13 Jan 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/server-storage/servers/355254/a-critical-flaw-in-350000-microsoft-exchange-remains-unpatched
servers

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020
Visit/software/video-conferencing/355257/taiwan-first-country-to-ban-zoom-amid-security-concerns
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020