Businesses in the UK are at risk of sleepwalking into a reputational time bomb due to a lack of awareness of how to protect their data assets, according to new research by BSI. As cyber hackers become more complex and sophisticated in their methods, UK organizations are being urged to strengthen their security systems to protect both themselves and consumers.
The BSI survey of IT decision makers found that cyber security is a growing concern with over half (56%) of UK businesses being more concerned than 12 months ago. 7 in 10 (70%) attribute this to hackers becoming more skilled and better at targeting businesses. However, whilst the vast majority (98%) of organizations have taken measures to minimize risks to their information security, only 12% are extremely confident about the security measures their organization has in place to defend against these attacks.
These concerns echo those in the annual Horizon Scan survey carried out by the Business Continuity Institute and sponsored by BSI, which showed that cyber attacks and data breaches are the joint second biggest concern for business continuity practitioners. In the 2014 report, 73% of respondents to a global survey expressed either concern or extreme concern about each of these threats materialising.
Worryingly, IT Directors appear to have accepted the risks to their information security, with 9 in 10 (91%) admitting their organization has been a victim of a cyber-attack. Around half have experienced an attempted hack, and/or suffered from malware (49% in both instances). Around four in ten (42%) have experienced the installation of unauthorized software by trusted insiders, and nearly a third (30%) have suffered a loss of confidential information.
Organizations need to safeguard themselves and their customer data; however, there is an inherent lack of trust from consumers in how their data is handled, with a third of consumers admitting they do not trust organizations with their data. There have been many high-profile data breaches in the last few years that help demonstrate just why this lack of trust is justified. On the other hand, there is a level of acceptance that nothing online will ever be safe, leading to a false sense of security that ‘this will not happen to me’ amongst those who have not suffered from a cyber-attack/crime.
Maureen Sumner Smith, UK Managing Director at BSI added: “Consumers want their information to be confidential and not shared or sold. Those who want to be reassured that their data is safe and secure are looking to organizations who are willing to go the extra mile to protect and look after their data. Best practice security frameworks, such as ISO 27001 and easily recognizable consumer icons such as the BSI Kitemark for Secure Digital Transactions can help organizations benefit from increased sales, fewer security breaches and protected reputations. The research shows that the onus is on businesses to wake up and take responsibility if they want to continue to be profitable and protect their brand reputations.”