UK businesses failing basic security measures

Government survey finds that British firms and charities don't do the fundamentals

Britain's business are still ignoring basic security fundamentals, with almost half failing to implement foundational security protections.

This is according to the annual Cyber Security Breaches Survey, conducted by the Department for Digital, Culture, Media and Sport to assess the security awareness and preparedness of businesses in the UK, which found that many UK companies are not following the basic security steps laid out as part of the government's Cyber Essentials scheme.

The Cyber Essentials scheme allows organisations to obtain an independent accreditation for applying five key security practices, including maintaining properly-configured firewalls, running antivirus software, applying patches in a timely manner, limiting IT admin rights to specific users and applying security policies to corporate devices.

While these are basic steps, just 50% of the businesses surveyed as part of the report were implementing all five within their organisation. The number was even lower for charities, with less than a third reporting that they had applied all five measures.

"The number of businesses making cybersecurity a priority has increased year-on-year, but this survey shows that there is still a long way to go in addressing the very basics," said Tony Pepper, CEO of file-sharing firm Egress.

"The fact that almost 50% of businesses haven't implemented the government's five basic technical controls from Cyber Essentials is concerning, especially as we approach GDPR. From 25 May, a business that is breached will have to prove that it did everything it could to protect sensitive data, so ticking these five boxes is key."

Alarmingly, 68% of Britain's charities spent no money whatsoever on cyber security during the previous financial year, and neither did one-third of businesses. This includes outsourced security services, staff training and technology investment.

Of the organisations that did invest in security protections, the vast majority were motivated predominantly by a desire to protect the data of customers and donors, with 47% of businesses and 62% of charities citing this as the biggest factor.

Despite the comparatively low level of investment in security by many organisations, three-quarters of businesses believe that they have enough cyber security professionals within the company to deal with any risks, and 70% believe that these employees have the correct skills to do so.

This apparently signifies a certain level of over-confidence, judging by the fact that 43% of all businesses experienced an attack or breach over the last 12 months, with almost one in 10 businesses being hit multiple times per day.

"While it's troubling to hear that almost half of UK businesses have experienced a cyber attack in the past year, the actual volume of these incidents is likely considerably higher," said Gemalto's CTO and former ethical hacker, Jason Hart. "In fact, we've seen from our Breach Level Index that almost as many data incidents are caused by accidental loss, as malicious outsiders."

Picture: Bigstock

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

The IT Pro Panel
Business strategy

The IT Pro Panel

25 Jan 2021
Global ransom DDoS extortionists are retargeting companies
distributed denial of service (DDOS)

Global ransom DDoS extortionists are retargeting companies

22 Jan 2021
What is ethical AI?
artificial intelligence (AI)

What is ethical AI?

21 Jan 2021
BEC scammers are using Google Forms to identify easy victims
phishing

BEC scammers are using Google Forms to identify easy victims

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021