Government Minister for Digital and Culture Matt Hancock MP used a wide-ranging speech to the Institute of Directors (IoD) as a call-to-arms for companies to take cybersecurity seriously.
In a 27 March speech in London, Mr Hancock confirmed that cybersecurity was “one of the seven pillars” of the Government’s £1.9 billion digital strategy. He called on companies to bridge the ever-widening gap between awareness and actually taking action.
Recent analysis by GCHQ, Britain’s intelligence hub, revealed that the vast majority of cyberattacks exploit well-known vulnerabilities, such as weaknesses in passwords and admin access policies.
The IoD’s own 2017 cybersecurity report shows a worrying number of UK businesses have no official policy on cyberattacks.
And small-to-medium-sized businesses are at greater risk than larger multinationals.
The number of companies preparing themselves has also not improved from a year ago.
The survey of almost 1,000 members reveals almost half of UK firms (44 per cent) don’t have any cyber awareness training for employees.
And while 94 per cent admit IT security is important, four in ten would not know who to report to if cybercrime hit their business.
Just 20 per cent hold specific insurance against cyberattacks.
The government is pushing towards getting all suppliers who handle sensitive data to hold a “Cyber Essentials certificate” as a minimum. So far more than 6,000 certificates have been issued.
The minister’s words were supported by the Institute’s own survey, which revealed a widespread under-reporting of cyberattacks and accused businesses of not taking cybersecurity seriously enough.
Speaking to the March conference, Professor Richard Benham, author of the survey said: “Cybercrime is one of the biggest business challenges of our generation and companies need to get real about the financial and reputational damage it can inflict.
“The spate of recent high-profile attacks has spooked employers of all sizes and it is vital to turn this awareness into action. Customers and partners expect the business they deal with to get it right.
“As attacks become more prevalent and increasingly sophisticated, businesses need to defend themselves, know how to limit damage and be ready to respond quickly and comprehensively when the inevitable happens.
“Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority.”
The new General Data Protection Regulation, which comes into effect in May 2018, will make companies much more accountable for their customers’ data.
The IoD is calling on companies to run attack simulations to make sure security systems are robust.
Stephen Martin, Director General of the Institute of Directors, said: “The UK is a leader in the digital economy, but if we are to build on our existing strengths and capitalise on new technologies, we have to go into the future with our eyes open to the risks.
“This report has revealed that business leaders are still putting cyber security on the back burner. The results, even for small and medium-sized businesses, could be catastrophic.
“With threats evolving all the time, and demanding new regulations just around the corner, we cannot afford another year of complacency from business. This isn’t an IT issue, it’s a business survival issue.”