The UK Government has conducted a review into the country’s cyber security. The study focussed on determining how serious the threat is to UK businesses, and whether companies have taken adequate steps to protect themselves. Additionally, it discussed whether the Government should incentivise good cyber risk management via regulation.
Cyber Security Breaches Survey 2016 – Review Findings
The initial analysis found that the threat to the UK economy from cybercrime is both real and significant. One in four businesses detected a breach in the last year.
The average financial cost for victims of a successful attack ranged from £3,100 to £36,000, dependent on company size. Additionally, there are indirect costs to consider, such as damage to reputation and loss of customers.
Despite this, UK businesses are not doing enough to protect themselves. Nearly half of all companies have not taken recommended actions to identify cyber risks.
Please view some of the key findings from the survey in the infographic below:
Cyber Security Breaches Survey: Key Findings
As a result of these findings, new legislative measures are being introduced to make businesses more accountable for their cyber security, by way of the General Data Protection Regulation (GDPR).
Taking Action Through Regulation
The GDPR will build upon the existing Data Protection Act (DPA), created in 1998. Once introduced, companies will be legally required to report any security breach to the Information Commissioner’s Office (ICO). They will also have to notify any affected customers.
At present, declaring a hack is not mandatory. This change will provide far more accurate data as to the scale of the problem.
It will also bring into force “significantly higher fines” for UK companies who suffer a breach as a result of inadequate security. It’s these sanctions that the Government believe will create a real impetus for change.
Getting Ready for the Change
The GDPR comes into effect from May 2018, so it’s important that businesses begin to prepare now.
The Government has been deliberately non-prescriptive about the specific measures that businesses should take. They are worried that doing so would create a culture of compliance, rather than getting companies to take a personalised approach to their environment.
It’s important to seek the advice of an IT security expert. Our business-grade managed security service combines industry-leading technologies to protect you on all fronts.
An Audit will also help you to understand the best options for securing your environment. This in-depth health check will identify any weaknesses and provide you with a plan to bolster your defences.
Additionally, we can discuss backup and business continuity options with you, so that if the worst were to happen, your business-critical systems could be back online as quickly as possible.
Air-IT’s Chief Technology Officer, Sam Reed, said:
It’s clear from the report and upcoming GDPR that the UK Government is taking cyber security extremely seriously. At Air-IT, we can help your business formulate a strategy to get ahead of the new rules and ensure you’re ready for the change.
You can read more on the GDPR and Cyber Security in our detailed article with the Nottingham Post below.
Need more help or advice?
If you need more information or advice on your ICT or cyber security systems, would like to discuss our auditing services in more depth, or find out more about Cyber Essentials accreditation, then please do not hesitate to contact us on 0115 880 044 and we will be more than happy to help.