According to research conducted by BSI, the business standards company, UK businesses are at risk of sleepwalking into a reputational time bomb due to a lack of awareness on how to protect their data assets. As cyber hackers become more complex and sophisticated in their methods, UK organisations are being urged to strengthen their security systems in order to protect both themselves and consumers.
The BSI survey of IT decision-makers1 finds that cyber security is a growing concern, with over half (56%) of UK businesses being more concerned about this issue than was the case 12 months ago. Seven-in-10 (70%) attribute this to hackers becoming more skilled and better at targeting businesses.
However, while the majority (98%) of organisations have taken steps to minimise risks to their information security, only 12% are extremely confident about the security measures they have in place to defend against these attacks.
Worryingly, IT directors appear to have accepted the risks posed to their information security, with nine-in-10 (91%) admitting their organisation has been the victim of a cyber attack at some point. Around half have experienced an attempted hack and/or suffered from malware (49% in both instances). Around four-in-ten (42%) have experienced the installation of unauthorised software by trusted insiders, while nearly one third (30%) report having suffered from a loss of confidential information.
Managing risks: key to protecting data assets
Despite confidence in the security measures they have in place, three-in-five (60%) of those organisations surveyed have not provided staff with information security training. Over a third (37%) haven’t installed anti-virus software and only just under half (49%) monitor their user’s access to applications, computers and software.
Conversely, organisations that have implemented ISO 27001 – the international Information Security Management System Standard – are more conscious about potential cyber attacks than those who haven’t (56% versus 12%). As such, 52% of organisations with ISO 27001 already implemented are extremely confident about their level of resilience against the latest methods of cyber hacking.
Maureen Sumner Smith: UK managing director at BSI
“The research reveals that businesses who can identify threats are more aware of them,” said Mike Edwards, information security specialist and tutor at BSI. “Our experience confirms this. We know that organisations with ISO 27001 in place can better identify the threats and vulnerabilities posed to their information security and put in place appropriate controls designed to manage and mitigate risk.”
Consumers looking to organisations that go ‘above and beyond’
As consumers are now spending more and more of their time and money online, so their vulnerability to cyber attacks is increasing. A recent survey2 showed that nearly half of consumers questioned had suffered from a cyber attack/crime event, yet only 4% have stopped using online services to reduce the risks.
Consumers are looking to companies for protection, who in turn need to safeguard themselves and their customers’ data. However, there’s an inherent lack of trust from consumers on how their data is handled by organisations, with one third of those questioned admitting they don’t trust organisations with their data.
On the other hand, there’s a level of acceptance that nothing online will ever be wholly safe, leading to a false sense of security that: ‘This will not happen to me’ among those who have not suffered from a cyber attack/crime.
Maureen Sumner Smith, UK managing director at BSI, explained: “Consumers want their information to be confidential and not shared or sold. Those who want to be reassured that their data is safe and secure are looking to organisations willing to go the extra mile to protect and look after their data.”
Sumner Smith continued: “Best Practice security frameworks, such as ISO 27001 and easily recognisable consumer icons like the BSI Kitemark for Secure Digital Transactions can help organisations benefit from increased sales, fewer security breaches and protected reputations. Our research shows that the onus is very much on businesses to wake up and take responsibility if they want to continue to be profitable and protect their brand reputations.”
1Research interviews conducted with 200 IT decision-makers in UK businesses employing between 250 and 1,000 members of staff. Interviews carried out in October 2014 by Vanson Bourne
2Consumer research involving 1,589 UK adults. Conducted in September 2014 by Opinion Matters