According to the recently released 2016 Risk:Value Report conducted by technology market researchers Vanson Bourne for NTT Com Security, UK businesses are the most pessimistic when it comes to cyber risks, compared with respondents from France, Germany, Norway, Sweden, Switzerland and the United States.
The report, which surveyed 1,000 business decision-makers in those seven countries, found that more than half (57%) of UK respondents agreed “that their organisation will suffer a data breach at some point”. Only a third of respondents disagreed.
When quizzed about the most likely effects of a security breach:
- 66% of respondents said a loss of customer confidence
- 57% said damage to reputation
- 50% said a financial penalty from a sector body or the government
- 41% said direct financial loss
- 39% said a loss of shareholder value/share price.
£1.2 million data breach recovery cost
The report found that, on average, an organisation would take around eight weeks to recover from an incident, and respondents estimated that losing information as a consequence of a breach would cost their organisation around £1,200,000.
Cyber security solutions
The inevitability of cyber attacks should be driving all businesses in the UK to implement a base level of information security as an absolute minimum.
The government’s Cyber Essentials scheme sets out five security controls that “could help prevent around 80% of cyber attacks”.
There are two levels of certification to the Cyber Essentials scheme: Cyber Essentials and Cyber Essentials Plus.
- Cyber Essentials requires a company to complete a self-assessment questionnaire, which must be signed off by a senior company representative and then verified by an external certification body. An external vulnerability scan is also required if the company chooses to be certified by a CREST-accredited certification body such as IT Governance.
- Cyber Essentials Plus requires a more advanced level of assurance. In addition to meeting the requirements of Cyber Essentials, organisations must undergo an internal assessment and internal scan conducted on-site by the certification body.
More than 1,200 organisations have already achieved certification to the scheme. Certification demonstrates to customers and business partners that fundamental cyber security measures are in place, and provides evidence to validate your organisation’s security posture.