According to the Cyber Security Breaches Survey 2016, cyber security is a top priority for 69% of UK businesses, but only:
- 51% have implemented recommended actions to identify cyber risks, e.g. health checks, risk assessments or audits;
- 29% have written cyber security policies; and
- 10% have a formal incident management plan.
Their efforts keeping the company safe from cyber attacks are not enough. Two thirds of large organisations had a security incident in the last 12 months – 25% at least once per month – for an estimated average cost of around £36,500.
54% of cyber threats could have been prevented
Given that the most common attacks for 68% of businesses are virus/spyware/malware and that the Cyber Essentials scheme could prevent around 80% of those threats, it’s pretty reasonable to assume (with a little bit of maths) that around 54% of these attacks could have been prevented if organisations had adhered to the scheme.
Lack of Cyber Essentials awareness
Half of the businesses analysed already have technical measures in the five areas identified by the Cyber Essentials scheme, but they may not know about the scheme itself. As a matter of fact, only 6% of organisations were aware of the existence of the Cyber Essentials scheme.
Get the basics right
If you haven’t heard about the Cyber Essentials scheme before, or if you want to know more about it and how your company can benefit from being certified, have a look at the below resources:
- What is the Cyber Essentials scheme? >>
- Guidance for SMEs >>
- FAQ about the scheme and the certification process >>
- How the certification process works >>
- Get started with the certification process >>