23 top reasons why businesses in the UK need better cyber security

UK businesses are in the crosshairs of cyber criminals, hackers and online fraudsters. While most businesses, especially SMEs and large businesses, are more or less aware of the threats posed by today’s connected world, a large number of non-tech managers and leaders end up relegating cyber security to the back of their minds. Once in a while, a big incident, like the WannaCry ransomware attack that disrupted operations at several NHS trust hospitals takes precedence in the news cycle and the topic of cyber security is brought to the fore.

Which category does your business fall into? Do you have in place cyber security policies and measures for the protection of your systems and the data your business holds? Are you, as a business leader, aware of these policies? Does your organisation take cyber security seriously? If not, here are some facts that you must pay attention to:

Increasing incidences of cybercrime

1) 1 in 5 (20%) British businesses have been hit by cyber-attacks in the last 12 months – with the percentage a lot higher (42%) for larger businesses with more than 100 staff (42%).^[2]

2) The most common type of breach faced by UK businesses of all the cyber security breaches reported, was staff receiving fraudulent emails (72%) – followed by viruses, spyware and malware (33%), people impersonating the organisation in emails or online (27%) and ransomware (17%). ^[1]

3) 57% of the identified breaches led to an adverse impact on the business, with the businesses forced to implement security measures, losing files, experiencing financial loss or having to invest the staff’s time in dealing with the breach.^[1]

4) 56% victims of cyber-attacks faced business disruption, 37% experienced reputation damage, while 36% suffered financial losses.^[5]

5) Of the 3.5 million total incidents of fraud in England and Wales, 1.9 million were cyber-related.^[7]

Significance of cyber security

6) 74% of UK businesses view cyber security as a high priority for their senior management, while 31% say is a very high priority.^[1]

7) The numbers from the Institute of Directors report tell a similar story; 95% of UK businesses consider cyber security to be very important or quite important, but 45% do not have a cyber security policy in place.^[3]

8) 35% of UK firms admitted that they have made no changes following a security incident in the last 12 months.^[4]

9) 48% of UK businesses feel that the government is not doing enough to protect them from cyber-attacks.^[4]

10) 55% of US-business have taken up cyber insurance, while the number is significantly lower for businesses in the UK – 30%.^[4]

11) Only 24% businesses in the UK have cyber security accreditations in place. Out of these, 49% business believe that it gives them a competitive edge, while 33% believe it helps them create a more secure environment while trading with other businesses.^[2]

12) 61% of Financial Services firms require employees to complete privacy training.^[6]

Growing need for cyber security standards and policies

13) 21% of UK firms believe that threat of cyber-crime is preventing their business from growing.^[2]

14) 61% of UK businesses hold personal data of their customers electronically.^[1]

15) 47% of Financial Services firms entrust cloud providers with finance function.^[6]

16) 58% of UK businesses have sought advice, guidance or information about cyber security threats in 2016-17.^[1]

17) 19% of UK businesses are worried about their suppliers’ cyber security, while 13% require the suppliers to adhere to specific cyber security standards.^[1]

18) 40% of business do not know who to contact in case they are the victim of online fraud.^[3]

19) 67% of UK businesses have spent money on cyber security in 2016 – with the numbers rising to 87% for medium-sized firms and 91% for large businesses.^[1]

20) 65% of organisations admit that they do not systematically work on making cyber security measures user-friendly, while 11% businesses involve a UX (user experience) expert to achieve a user-friendly design.^[5]

21) Only 1/3 (33%) of UK businesses have a formal policy covering cyber security risks.^[1]

22) Only 11% of UK businesses have an incident management plan in place for dealing with cyber security issues.^[1]

23) 44% of UK businesses have initiated cyber training for their staff and often there are gaps of more than one year in the training.^[1]

Is your business prepared to combat cybercrime and online fraud?

Is your business prepared to combat the rising incidences of cybercrime and online fraud? Having a proper cyber security policy in place and training your staff in fraud detection & prevention methods are the keys to resisting cyber-attacks and attempts at online fraud.

References:

1. Cyber Security Breaches Survey
2. British Chambers of Commerce
3. IoD Policy Report March 2017
4. Hiscox Cyber Readiness Report
5. KPMG Clarity on Cyber Security 2017 – Key findings
6. PWC Information Security Survey
7. Office for National Statistics

Originally published Jun 12, 2017 10:06:11, updated Jan 29 2024

Topics: Finance & Accounting Outsourcing