Just 10 per cent of UK businesses see cyber-security as the biggest challenge to their economic success – according to research by Fujitsu.
In the same research, only six percent of the businesses surveyed saw cyber security as one of the biggest threats to the UK economy as a whole.
Considering the almost daily headlines which are created by cyber-attacks and data breaches against small and large businesses, not to mention public institutions like the NHS there seems to be a baffling disconnect between the actual threat and the perceived risk.
Not to mention that cyber-attacks against UK businesses are on the rise, according to research by the National Cyber Security Centre, which also stated that the cyber threat to small businesses is now ‘worse than it has ever been’.
While businesses seem to be in a wonderland of denial when it comes to cyber security, consumers are much more aware of the threat posed by cyber security, with 20 per cent seeing this as the biggest threat to UK businesses.
There is, clearly, a gulf in the seriousness with which cyber security is being veiwed by businesses and their customer and – considering that businesses are now highly reliant on customers handing over their personal data – it is a gulf that companies need to shrink as soon as possible.
And that is not even to mention the data regulation which has been causing havoc with the UK’s data market for the last two years – GDPR.
Considering the eye-watering fines which businesses could be subjected to in the case of a breach – 4 per cent of global annual turnover or €20m or whichever is highest in the most extreme circumstances – it is staggering that cyber-threats seem to be so far down the priorities of the UK business owners.
A complete business threat
Technology now impacts and is implemented into most – if not all – areas of a business’ day-to-day dealings which means that the doors with which a cyber-criminal a breach a company’s defence have grown at a similar rate.
Small and medium businesses in particular – who wrongly assume they are too small to be targeted – face particular threats from automated mass targeting, which is becoming a more common means of attacking businesses.
This problem is further exacerbated by the fact that many workers today – while lacking cyber-security knowledge – expect to be allowed to work flexibly using unsecure public wifi (a popular target for cyber criminals).
They are also not shy about wanting to use their personal devices for business purposes, which don’t have the enterprise level security they need to keep sensitive business and customer data secure.
It is not unheard of for cyber criminals to use these weakened defences to intercept sensitive emails or try to scam a business’ finance team into sending money to a new account using access gained to the CEO’s email via an employee’s use of public WiFi or unprotected personal device.
Considering that most cyber breaches take weeks – or even months – to be detected, the damage which could be done by a cyber criminal able to take advantage of a momentary lack of security awareness could be devastating short-term and irreparable in the long-term.
Which comes back to the worrying revelation that so many UK businesses seem blissfully unaware of this threat and are ploughing on with insufficient cyber security policies.
Unfortunately for some, the time they realise they should have done something about it – will be the same moment they realise it is now too late.