According to a survey of 1,200 businesses from the British Chamber of Commerce, only 24% of businesses have security in place to protect themselves from cyber attacks.
This is despite the fact that one in five businesses were attacked in the past year by cyber-criminals.
Those most at risk of being attacked were larger companies, defined as those with at least 100 members of staff. 42% of big businesses have been victims of cyber attacks, compared to just 18% of smaller businesses.
The largest breach in history happened at Yahoo when hackers had managed to access email addresses, phone numbers, passwords and dates of birth as well as some encrypted security questions and answers.
Director-general of the BCC, Adam Marshall said: “Cyber-attacks risk companies’ finances, confidence and reputation, with victims reporting not only monetary losses, but costs from disruption to their business and productivity. While firms of all sizes, from major corporations to one-man operations, fall prey to attacks, our evidence shows that large companies are more likely to experience them.”
Businesses Face Fines
In most cases, the survey found that businesses were relying on their IT providers to resolve security issues after an attack (63%), 12% relied on banks and 2% on the police.
“Companies are reporting a reliance on IT support providers to resolve cyber-attacks. More guidance from government and police about where and how to report attacks would provide businesses with a clear path to follow in the event of a cyber-security breach and increase clarity around the response options available to victims, which would help minimise the occurrence of cyber-crime,” said Marshall.
“Firms need to be mindful of the extension to data protection regulation coming into force next year, which will increase their responsibilities and requirements to protect personal data. Firms that don’t adopt the appropriate protections leave themselves open to tough penalties,” Marshall added.
One example of this is TalkTalk who was hit with a record £400,000 fine for failing to maintain security which led to it being hacked in October 2015. Hackers managed to access the personal information of over 150,000 customers and financial data of 15,000 people.
The Information Commissioner’s Office issued the fine and said that the attack “could have been prevented if TalkTalk had taken basic steps to protect customers’ information”.
In a government study led by the National Cyber Security Centre, it was revealed that the average cost associated with cyber crime are £3,070 for medium businesses and £1,380 for smaller firms.
CEO of the National Cyber Security Centre, Ciaran Martin said: “The majority of successful cyber attacks are not that sophisticated but can cause serious commercial damage. By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities.”
Have you ever fallen victim to a cyber attack? How did your company deal with it? Please share your thoughts or experiences in the comments.