UK businesses failing basic security measures

Government survey finds that British firms and charities don't do the fundamentals

Britain's business are still ignoring basic security fundamentals, with almost half failing to implement foundational security protections.

This is according to the annual Cyber Security Breaches Survey, conducted by the Department for Digital, Culture, Media and Sport to assess the security awareness and preparedness of businesses in the UK, which found that many UK companies are not following the basic security steps laid out as part of the government's Cyber Essentials scheme.

The Cyber Essentials scheme allows organisations to obtain an independent accreditation for applying five key security practices, including maintaining properly-configured firewalls, running antivirus software, applying patches in a timely manner, limiting IT admin rights to specific users and applying security policies to corporate devices.

While these are basic steps, just 50% of the businesses surveyed as part of the report were implementing all five within their organisation. The number was even lower for charities, with less than a third reporting that they had applied all five measures.

"The number of businesses making cybersecurity a priority has increased year-on-year, but this survey shows that there is still a long way to go in addressing the very basics," said Tony Pepper, CEO of file-sharing firm Egress.

"The fact that almost 50% of businesses haven't implemented the government's five basic technical controls from Cyber Essentials is concerning, especially as we approach GDPR. From 25 May, a business that is breached will have to prove that it did everything it could to protect sensitive data, so ticking these five boxes is key."

Alarmingly, 68% of Britain's charities spent no money whatsoever on cyber security during the previous financial year, and neither did one-third of businesses. This includes outsourced security services, staff training and technology investment.

Of the organisations that did invest in security protections, the vast majority were motivated predominantly by a desire to protect the data of customers and donors, with 47% of businesses and 62% of charities citing this as the biggest factor.

Despite the comparatively low level of investment in security by many organisations, three-quarters of businesses believe that they have enough cyber security professionals within the company to deal with any risks, and 70% believe that these employees have the correct skills to do so.

This apparently signifies a certain level of over-confidence, judging by the fact that 43% of all businesses experienced an attack or breach over the last 12 months, with almost one in 10 businesses being hit multiple times per day.

"While it's troubling to hear that almost half of UK businesses have experienced a cyber attack in the past year, the actual volume of these incidents is likely considerably higher," said Gemalto's CTO and former ethical hacker, Jason Hart. "In fact, we've seen from our Breach Level Index that almost as many data incidents are caused by accidental loss, as malicious outsiders."

Picture: Bigstock

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

Secure your Wi-Fi against hackers in 10 steps
network security

Secure your Wi-Fi against hackers in 10 steps

29 Sep 2020
What is a DDoS attack?
Security

What is a DDoS attack?

29 Sep 2020
The IT Pro Panel
Business strategy

The IT Pro Panel

28 Sep 2020
How to protect against a DDoS attack
Security

How to protect against a DDoS attack

17 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google removes 17 apps infected with evasive ‘Joker’ malware
malware

Google removes 17 apps infected with evasive ‘Joker’ malware

28 Sep 2020