With one month to go until new data protection laws come into force, UK businesses are being urged to protect themselves against cyber crime after new statistics show over four in ten (43 per cent) of businesses and two in ten charities (19 per cent) suffered a cyber breach or attack in the past 12 months.
This figure rises to more than two thirds for large businesses, 72 per cent of which identified a breach or attack.
For the average large business the financial cost of all attacks over the past 12 months was £9,260 with some attacks costing significantly more.
The most common breaches or attacks were via fraudulent emails – for example, attempting to coax staff into revealing passwords or financial information, or opening dangerous attachments – followed by instances of cyber criminals impersonating the organisation online, then malware and viruses.
“We are strengthening the UK’s data protection laws to make them fit for the digital age but these new figures show many organisations need to act now to make sure the personal data they hold is safe and secure,” said Minister for Digital and the Creative Industries, Margot James.
“We are investing £1.9 billion to protect the nation from cyber threats and I would urge organisations to make the most of the free help and guidance available for organisations from the Information Commissioner’s Office and the National Cyber Security Centre.”
As part of the Government’s Data Protection Bill, the Information Commissioner’s Office (ICO) will be given more power to defend consumer interests and issue higher fines to organisations, of up to £17 million or 4 per cent of global turnover for the most serious data breaches.
The new Bill requires organisations to have appropriate cyber security measures in place to protect personal data.
The Government is introducing new regulations to improve cyber security in the UK’s critical service providers in sectors such as health, energy and transport and has established the world-leading National Cyber Security Centre (NCSC) as part of plans to make the UK one of the safest places in the world to live and do business online.
Ciaran Martin, CEO of the NCSC, said: “Cyber attacks can inflict serious commercial damage and reputational harm, but most campaigns are not highly sophisticated.
“Companies can significantly reduce their chances of falling victim by following simple cyber security steps to remove basic weaknesses.
“Our advice has been set out in an easy-to-understand manner in the NCSC’s small charities and business guides.”
The new statistics also show that among those experiencing breaches, large firms identify an average of 12 attacks a year and medium-sized firms an average of six attacks a year.
However, the survey shows more businesses are now using the Government-backed, industry-supported Cyber Essentials scheme, a source of expert guidance showing how to protect against cyber threats.
It shows three quarters of businesses (74 per cent) and more than half of all charities (53 per cent) say cyber security is a high priority for their organisation’s senior management.
Organisations have an important role to play to protect customer data. Small businesses and charities are urged to take up tailored advice from the National Cyber Security Centre.
Larger businesses and organisations can follow the Ten Steps to Cyber Security for a comprehensive approach to managing cyber risks and preventing attacks and data breaches.