Businesses are not taking cyber security seriously enough, with under a third of cyber attacks being reported to the police.
A new study of cyber security, released by the Institute of Directors and Barclays, reveals widespread under-reporting of cyber attacks, with the business group predicting the emergence of a ‘cyber paradox’ that could result in companies no longer trusting online storage for sensitive data
In a new report, Cyber Security: Underpinning the Digital Economy, supported by Barclays, the IoD revealed that companies were keeping quiet even though half of attacks resulted in interruption of business operations. The scale of the threat should not be underestimated, the business group added, with over seven in 10 firms saying they had been sent bogus invoices via email.
The survey of nearly 1,000 IoD members showed a worrying gap between awareness of the risks and business preparedness. While nine in 10 business leaders said that cyber security was important, only around half had a formal strategy in place to protect themselves and just 20 per cent held insurance against an attack.
Nearly seven in 10 IoD members never having heard of Action Fraud Aware, the UK’s national reporting centre for fraud and internet crime, which suggests that official efforts to tackle cybercrime aren’t getting through to many businesses.
IoD is a UK based business organisation for company directors, senior business leaders and entrepreneurs.
The growing threat of breaches will create a ‘cyber paradox’, the IoD said, meaning that although business will increasingly take place online, firms will no longer feel confident in the encryption protecting sensitive information when it is transferred. This could lead to companies resorting to old-fashioned methods for sending important data.
Professor Richard Benham, author of the report, said: “Cybercrime is one of the biggest business challenges of our generation and companies need to get real about the financial and reputational damage it can inflict. The spate of recent high-profile attacks has spooked employers of all sizes and it is vital to turn this awareness into action. Customers and partners expect the businesses they deal with to get it right.
“As attacks become more prevalent and increasingly sophisticated, businesses need to defend themselves, know how to limit damage, and be ready to respond quickly and comprehensively when the inevitable happens. No shop-owner would think twice about phoning the police if they were broken into, yet for some reason, businesses don’t seem to think a cyber breach warrants the same response.
“Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance.”
Adam Rowse, head of business banking at Barclays, said: “Businesses must recognise the threat that cybercrime can pose to them, their reputation and subsequently their bottom line. With the number of customers going online rapidly rising the issue of cyber security has never been more important. Companies need to consider cyber security as critical to their business operation as cost or cash flow.
“Some of the actions that businesses can take to get cyber smart include creating a cyber security strategy, raising awareness amongst staff of the common cons used to commit cybercrime, installing software that keeps them and their customers’ details safe and keeping all software up to date.
“At Barclays we have implemented a range of initiatives to help fight cybercrime, from our ‘digital eagles’ who teach vulnerable people how to stay safe online to educational content such as our recently aired TV fraud campaign.”