UK businesses are at risk of sleepwalking into a reputational time bomb due a lack of awareness on how to protect their data assets. So says BSI, the business standards company.
As cyber hackers become more complex and sophisticated in their methods, UK firms are being urged by BSI to strengthen their security systems to protect themselves and consumers.
A BSI survey of IT decision makers found that cyber security is a growing concern with over half (56 per cent) of UK businesses being more concerned than 12 months ago. Seven in ten (70 per cent) attribute this to hackers becoming more skilled and better at targeting businesses. However, whilst the vast majority (98 per cent) of organisations have taken measures to minimise risks to their information security, only 12 per cent are extremely confident about the security measures their organisation has in place to defend against these attacks.
IT directors appear to have accepted the risks to their information security, with nine in ten (91 per cent) admitting their organisation has been a victim of a cyber-attack. Around half have experienced an attempted hack, and/or suffered from malware (49 per cent in both instances). Around four in ten (42 per cent) have experienced the installation of unauthorised software by trusted insiders, and nearly a third (30 per cent) have suffered a loss of confidential information.
Managing risks key to protecting data assets Despite the confidence in the security measures they have in place, three in five (60 per cent) organisations have not provided staff with information security training; over a third (37 per cent) have not installed anti-virus software; and just under half (49 per cent) monitor their user’s access to applications, computers and software.
Conversely organisations that have implemented ISO 27001, the international Information Security Management System Standard, are more conscious about potential cyber-attacks than those who haven’t (56 per cent versus 12 per cent). As such, 52 per cent of organisations who have implemented ISO 27001 are extremely confident about their level of resilience against the latest methods of cyber hacking.
Mike Edwards, Information Security Specialist and Tutor at BSI, said: “The research revealed that businesses who can identify threats are more aware of them. Our experience confirms this, we know that organisations with ISO 27001 can better identify the threats and vulnerabilities to their information security and put in place appropriate controls to manage and mitigate risks.”
This question on how to protect their data assets is leaving many business exposed, which in turn is impacting consumers, says BSI. As consumers are spending more of their time and money online, their vulnerability to cyber-attacks is increasing. A consumer survey showed that nearly half of consumers surveyed had suffered from a cyber-attack/crime, yet only 4 per cent have stopped using online services to reduce the risks.
Consumers are the standards body says looking to companies for protection, who in turn need to safeguard themselves and their customer data. However, there is an inherent lack of trust from consumers on how their data is handled by organisations with a third of consumers admitting they do not trust organisations with their data. On the other hand there is a level of acceptance that nothing online will ever be safe, leading to a false sense of security that ‘this will not happen to me’ amongst those who have not suffered from a cyber-attack/crime.
Maureen Sumner Smith, UK Managing Director at BSI added: “Consumers want their information to be confidential and not shared or sold. Those who want to be reassured that their data is safe and secure are looking to organisations who are willing to go the extra mile to protect and look after their data. Best practice security frameworks, such as ISO 27001 and easily recognisable consumer icons such as the BSI Kitemark for Secure Digital Transactions can help organisations benefit from increased sales, fewer security breaches and protected reputations. The research shows that the onus is on businesses to wake up and take responsibility if they want to continue to be profitable and protect their brand reputations.”
