Businesses falling short in cyber security planning
A report has revealed that many businesses do not have a formal cyber security strategy.
The report published by the Institute of Directors and Barclays found that small, medium and large firms need to consider the best way to protect themselves against what might be the defining challenge for business.
The report said: “Government, too, needs to do more to point busy business leaders towards existing schemes and advice, and making schemes more relevant.
“Ultimately, however, this is a matter for business – in a digital economy, it’s the equivalent of installing a burglar alarm.”
The report was based on a survey of 844 IoD members in December 2016 and found that although respondents were aware of the threat presented by cyber crime, only half had protected all their devices.
Four out of ten respondents said they would not know who to contact in the event of a cyber attack. The report pointed out this would be crucial for compliance with the EU General Data Protection Regulation (GDPR) which comes into play on 25th May 2018 – and introduces mandatory data breach notification.
Two thirds of respondents said they had taken government advice to use a variety of passwords and a similar number used cloud software.
Only 44 per cent had arranged cyber awareness training and many left gaps of more than a year between training programmes.
Group chief information security officer at Barclays, Troels Oerting, said: “For centuries, society and banks have steered through unprecedented events.
“Cyber crime is another challenge, and it, too, can be managed by implementing a strong strategy built on resilience and intelligence.”