A poll of 1000 Institute of Directors members in the UK has found that two thirds of the companies that fall victim to a data breach are failing to declare it publicly or report it to the police for fear of reputational damage. Also, only around half of companies have a solid cyber security strategy in place, and just 20% had taken out insurance against cyber attacks.
Of the members surveyed in the study, 49% said that when they had experienced a breach, it had affected their business operations. One in ten of the companies represented in the survey had suffered financial loss as the result of a breach. In the UK, cybercrime is a particular concern as the UK has the highest level of ecommerce, with 12.5% of British GDP being generated online. This means the UK and its economy are particularly vulnerable to cybercrime. Unfortunately, as we’ve seen in other reports of this nature, there seems to be a huge disconnect between the importance of cyber security and the efforts being made to secure it.
The lack of disclosure is particularly worrying; the number of reported cases is already staggering, with 404,000 cases of personal information theft (therefore including hacking) being reported from July 2014 to July 2015. It’s now clear that this may be just the tip of the iceberg, as a gap in the law means only telecoms companies are required to disclose a breach. Fortunately, the European Parliament is planning to introduce a law strengthening the requirements and extending them to other companies such as tech firms and critical services like banks and energy providers. So if the UK remains in the EU, there will be some improvement in this respect when the Network and Information Security Directive comes into force.
Meanwhile, it’s up to companies to take action to strengthen their security postures; the 91% of respondents who said that cyber security is important to their company need to put their money where their mouth is. Only 57% of the companies said they had a formal cyber security strategy in place, just half give any sort of cyber security training to staff, and 6% said they have spent nothing at all on cyber security in the last year.
For a consumer, the findings of this report are a reminder to be extremely cautious about where you enter your personal information online.