The official UK Government Cyber Security Breaches Survey 2019 shows that around one in three businesses (32 per cent) was a victim of an attack or breach in the past 12 months. While this is lower than in 2018 (when it was 43 per cent) and in 2017 (46 per cent), those who were victims typically reported facing six attacks, compared to two in 2017.
Comments
Amanda Finch, CEO of the Institute of Information Security Professionals (IISP) says: “It is reassuring to see that improving IT security skills is a priority for the majority of organisations in the survey: with the industry already facing a shortage of skilled staff, bringing more members into the fold will be vital. However, it’s also vital that training is done in the right way. Managing cyber risks means much more than simply giving IT teams technical skills, important as they are. It means being able to develop cyber-security strategies that effectively reduce risk across the whole organisation. It means educating employees at all levels so that they understand risk and can take action to reduce it.
“And it means recognising that people from multiple backgrounds have the ability to thrive in IT security, and working to attract them. To do this, organisations need to ensure they are teaching strategic and “soft” interpersonal skills that will empower the IT team to do more than simply monitor for breaches and manage technology. And businesses must understand what roles they need to fill, and what skills are needed for those roles; so that they can recognise them in prospective applicants and reward those who meet their criteria.”
Jon Abbott, CEO of IT services provider Priority One and founder of cybersecurity platform ThreatAware, says: “Attacks are becoming more targeted and costly and cybercriminals are becoming more sophisticated. As IT teams shore up their defences, attackers are choosing softer targets and preying on people instead. They recognise that humans are now the weakest link and increasingly the targets are directors and senior decision makers.
“It demonstrates that cybersecurity is no longer just an IT issue but a company-wide challenge, one which involves people throughout the organisation and needs to be overseen at board level. Dealing with the changing threat landscape requires a more integrated approach than before. Patching, web browsing protection and anti-virus software are critical but businesses also need the right policies, procedures and culture.
“As cybercrime becomes more complex, boards need to lead the fightback and work closely with IT teams and managers throughout the organisation to ensure they are in the best possible position to defeat themselves against the threats.”
For the 66-page survey visit https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2019.
