Two thirds of large UK businesses “experienced a cyber breach or attack in the past year”
This week, the government issued two new reports: the Cyber Security Breaches Survey 2016 and the FTSE 350 Cyber Governance Health Check Report 2015, each of which looks at how the UK’s businesses are addressing the cyber threat.
Findings are broadly positive, demonstrating that boards are at last beginning to realise the scale of the problem, but businesses shouldn’t be complacent: board-level oversight of cyber security issues needs to continue to increase, especially with the introduction of the new EU General Data Protection Regulation (GDPR).
Among its key findings, the Cyber Security Breaches Survey determined that:
- 69% of businesses say cyber security is a high priority for senior managers.
- 65% of large firms detected a cyber security breach or attack in the past year.
- 48% of businesses now have technical measures in the areas set out by the government’s Cyber Essentials scheme.
Minister for the Digital Economy Ed Vaizey commented:
“The UK is a world-leading digital economy and this Government has made cyber security a top priority. Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks. It’s absolutely crucial businesses are secure and can protect data. As a minimum companies should take action by adopting the Cyber Essentials scheme which will help them protect themselves.”
FTSE 350 cyber security
Looking to larger organisations, the FTSE 350 Cyber Governance Health Check Report 2015 found that:
- 33% of boards have clearly set and understood their appetite for cyber risk (up from 18% in 2014).
- 49% of businesses place cyber risks as a top risk (up from 29% in 2014).
- 77% of businesses have allocated budget specifically to protect customer data.
These statistics show an encouraging increase in board-level cyber risk awareness, but there is still a long way to go. All businesses should set and understand a cyber risk appetite. All businesses should allocate budgets to protecting customer data.
All boards need to ensure that cyber security is at the top of their agenda. The cyber threat is increasing daily in severity and scale, and new laws reflect this.
When the new EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018, all organisations that process personally identifiable information will need to have measures in place to protect it, or face fines of up to €20 million or 4% of annual global turnover – whichever is the higher.
EU GDPR audit
Two years isn’t long to prepare for the GDPR. If you haven’t done so already, you need to start your change programmes now.
All organisations should have a clear idea of the personal information they hold, including where it originated and who it can be shared with.
Certified EU GDPR Foundation training course
If you need to learn about the GDPR’s requirements, how they’ll affect your organisation, and how you can achieve full compliance with the Regulation, you’ll be interested in our one-day GDPR Foundation training course.
EU General Data Protection Regulation Documentation Toolkit
Pre-order the EU GDPR Documentation Toolkit and receive all the critical documents your organisation needs to ensure compliance with the new Regulation, including documents covering data protection policy, DPO requirements, privacy impact assessments, incident response and breach reporting.
Alternatively, email firstname.lastname@example.org or call +44 (0)845 070 1750.