IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

UK businesses failing basic security measures

Government survey finds that British firms and charities don't do the fundamentals

Britain's business are still ignoring basic security fundamentals, with almost half failing to implement foundational security protections.

This is according to the annual Cyber Security Breaches Survey, conducted by the Department for Digital, Culture, Media and Sport to assess the security awareness and preparedness of businesses in the UK, which found that many UK companies are not following the basic security steps laid out as part of the government's Cyber Essentials scheme.

The Cyber Essentials scheme allows organisations to obtain an independent accreditation for applying five key security practices, including maintaining properly-configured firewalls, running antivirus software, applying patches in a timely manner, limiting IT admin rights to specific users and applying security policies to corporate devices.

While these are basic steps, just 50% of the businesses surveyed as part of the report were implementing all five within their organisation. The number was even lower for charities, with less than a third reporting that they had applied all five measures.

"The number of businesses making cybersecurity a priority has increased year-on-year, but this survey shows that there is still a long way to go in addressing the very basics," said Tony Pepper, CEO of file-sharing firm Egress.

"The fact that almost 50% of businesses haven't implemented the government's five basic technical controls from Cyber Essentials is concerning, especially as we approach GDPR. From 25 May, a business that is breached will have to prove that it did everything it could to protect sensitive data, so ticking these five boxes is key."

Alarmingly, 68% of Britain's charities spent no money whatsoever on cyber security during the previous financial year, and neither did one-third of businesses. This includes outsourced security services, staff training and technology investment.

Of the organisations that did invest in security protections, the vast majority were motivated predominantly by a desire to protect the data of customers and donors, with 47% of businesses and 62% of charities citing this as the biggest factor.

Despite the comparatively low level of investment in security by many organisations, three-quarters of businesses believe that they have enough cyber security professionals within the company to deal with any risks, and 70% believe that these employees have the correct skills to do so.

This apparently signifies a certain level of over-confidence, judging by the fact that 43% of all businesses experienced an attack or breach over the last 12 months, with almost one in 10 businesses being hit multiple times per day.

"While it's troubling to hear that almost half of UK businesses have experienced a cyber attack in the past year, the actual volume of these incidents is likely considerably higher," said Gemalto's CTO and former ethical hacker, Jason Hart. "In fact, we've seen from our Breach Level Index that almost as many data incidents are caused by accidental loss, as malicious outsiders."

Picture: Bigstock

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
World’s biggest four-day working week trial kicks off in UK
flexible working

World’s biggest four-day working week trial kicks off in UK

6 Jun 2022
Pushing cloud AI closer to the edge
machine learning

Pushing cloud AI closer to the edge

1 Jun 2022
Europe's tech sector struggles to find employees with AI skills
Careers & training

Europe's tech sector struggles to find employees with AI skills

25 Apr 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022