Two thirds of large UK businesses hit by cyber breach or attack in past year
· Nearly seven out of ten attacks on all firms involved viruses, spyware or malware.
· Record £1.9bn government investment to protect UK but industry must act to help protect themselves
· New National Cyber Security Centre will launch in the autumn 2016
Britain’s businesses are being urged to better protect themselves from cyber criminals after government research into cyber security found two thirds of large businesses experienced a cyber breach or attack in the past year.
The research also shows that in some cases the cost of cyber breaches and attacks to business reached millions, but the most common attacks detected involved viruses, spyware or malware that could have been prevented using the Government’s Cyber Essentials scheme.
The Cyber Security Breaches Survey found that while one in four large firms experiencing a breach did so at least once a month, only half of all firms have taken any recommended actions to identify and address vulnerabilities. Even fewer, about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.
Minister for the Digital Economy Ed Vaizey said:
“The UK is a world-leading digital economy and this Government has made cyber security a top priority. Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks. It’s absolutely crucial businesses are secure and can protect data. As a minimum companies should take action by adopting the Cyber Essentials scheme which will help them protect themselves.”
Results from the survey are being released alongside the Government’s Cyber Governance Health Check, which was launched following the TalkTalk cyber attack. It found almost half of the top FTSE 350 businesses regarded cyber attacks as the biggest threat to their business when compared with other key risks – up from 29 per cent in 2014.
The Government’s Cyber Governance Health Check also found that:
· only a third of the UK’s top 350 businesses understand the threat of a cyber attack;
· only a fifth of businesses have a clear view of the dangers of sharing information with third parties; and
· many firms are, however, getting better at managing cyber risks, with almost two thirds now setting out their approach to cyber security in their annual report.
Both surveys form part of the Government’s rigorous approach to tackling cyber crime, which will see £1.9 billion invested over the next five years.
The Government is encouraging all firms to take action: the 10 Steps to Cyber Security provides advice to large businesses, and the Cyber Essentials scheme is available to all UK firms. The Government is also creating a new National Cyber Security Centre offering industry a ‘one-stop-shop’ for cyber security support.
A new national cyber security strategy will also be published later in 2016 setting out the Government’s plans to improve cyber security for Government, businesses and consumers.
1. The Cyber Governance Health Check is run in partnership with the audit community, including Deloitte, EY, Grant Thornton, KPMG and PWC, and will be published on gov.uk on Sunday 8 May 2016.
2. The Cyber Security Breaches Survey will be published on gov.uk on Sunday 8 May 2016.
3. These reports are part of the Government’s National Cyber Security Strategy to tackle cyber crime and make the UK one of the safest places in the world to do business online.
4. In November 2015 the Chancellor announced in a speech at GCHQ the next phase of the Government’s cyber security strategy, which includes a new £1.9 billion investment over the next five years and a new National Cyber Security Centre to help protect UK industry, infrastructure and the public against cyber security threats.
5. Free cyber security guidance and training for businesses, including the Cyber Essentials scheme, can be found at www.gov.uk/government/collections/cyber-security-guidance-for-business.
6. The Cyber Security Breaches Survey covers awareness, attitudes and approaches to cyber security, as well as the incidence and impact of cyber breaches, including costs.
7. In the Cyber Security Breaches Survey large businesses are defined as having 250 employees or more.
8. The Cyber Security Breaches Survey was a telephone survey of 1,008 UK businesses (including 203 large businesses), undertaken from 30 November 2015 to 5 February 2016. Data is weighted to be representative of all UK businesses. The research was carried out by Ipsos MORI and its partner, the Institute of Criminal Justice Studies (ICJS) at the University of Portsmouth. The research took place between October 2015 and March 2016.
