UK Businesses Are Not Reporting Cyber-Attacks

British businesses have been warned to start taking cyber security more seriously after a new survey found that many are failing to properly deal with the growing number of online attacks hitting companies every day.

Research by the Institute of Directors (IoD) and supported by Barclays found that under a third (28 percent) of cyber-attacks affecting British businesses were being reported to the police.

This was despite nearly half (49 percent) of attacks causing the interruption of business operations, as victims dealt with often significant damage to their work.

Challenging

“Cybercrime is one of the biggest business challenges of our generation and companies need to get real about the financial and reputational damage it can inflict,” said Professor Richard Benham, author of the report.

“As attacks become more prevalent and increasingly sophisticated, businesses need to defend themselves, know how to limit damage, and be ready to respond quickly and comprehensively when the inevitable happens. No shop-owner would think twice about phoning the police if they were broken into, yet for some reason, businesses don’t seem to think a cyber breach warrants the same response.”

The survey, which questioned over a thousand IoD members, found that although awareness of the need to have proper online protection in place was high, overall knowledge of security provisions was often lacking.

It found that only around half (57 percent) of businesses had a formal strategy in place to protect themselves and just a fifth (20 percent) held insurance against an attack.

Even more worryingly, just 43 percent of the businesses surveyed by the IoD knew where their data was physically stored, which the authors described as, “a truly frightening statistic.”

The growing threat of breaches will create a ‘cyber paradox’, the IoD said, meaning that although business will increasingly take place online, firms will no longer feel confident in the encryption protecting sensitive information when it is transferred. This could lead to companies going back in time, and resorting to old-fashioned methods for sending important data.

The findings led many in the security industry to call for better support into encryption and other security practice to ensure business data is kept safe.

“It is crucial businesses assess just what portion of their data is most valuable and needs closer security attention,” said Stephen Love, EMEA security practice lead at Insight UK.

“Not all data in an organisation would be deemed ‘sensitive.’ By carrying out a thorough assessment as to what data is uniquely distinct to the organisation, then discovering in what ways it’s at risk and putting in place security measures accordingly, every organisation can feel confident that they have the best defensive measures possible in place.  If the sensitive data does end up in the wrong hands, it will be rendered useless.”

Are you a security pro? Try our quiz!