In a recent survey, it was found that nearly half of UK businesses (46%) have incurred a data breach in the last 12 months alone.
Over the past couple of years, cyberattacks on major companies have occurred more frequently, and their damage is costing organisations many thousands or even millions of pounds, plus enormous reputational damage. Bearing in mind these significant, unbudgeted costs, it is imperative that organisations devote significant effort and resources into preventing these attacks, as the problem will be with us for many years to come.
Drilling into the data of the Government’s Cybersecurity Breaches Survey 2017, 66% of medium-sized businesses (50-249 employees) identified at least one cybersecurity breach or attack over the last year; whilst for larger organisations (250 or more employees) the figure rose to 68% experiencing a similar rate of cybersecurity issues.
The problem that many organisations face is a lack of preparedness or even awareness of the lasting impact of a successful attack and data breach. According to Peter Erceg, senior vice-president of global cyber and technology at Lockton insurance brokers, organisations are seriously underestimating the effects a breach will have on their business: “It can take several months, if not years, to become entirely operational again after a large-scale breach-and for some firms, a full recovery may be a bridge too far. UK businesses are currently unprepared for the seismic waves that can decimate an organisation caught unawares.”
IT Directors can be forgiven for feeling that spending an increasing portion of their hard-won budget on preventative security detracts from adding value to the organisation by using the funds to drive innovation and growth, however lack of adequate protection can shrink a business, rather than grow it.
That is why the UK government has planned to invest £1.9bn to protect UK organisations from cyberattacks, in an attempt to provide a safer place to conduct business online; unfortunately the huge investment is yet to actually materialise. Additionally, the insurance industry is working harder to offer products that reflect and protect against the current problems in online operations, containing policies that pay for data breach fines, offering help to restore ‘lost’ data and providing professional advice to reduce the size and impact of the cyberattack. They will also liaise with the Information Commisioner’s Office (ICO) which has the power to impose heavy fines on organisations who fail to comply with regulations. Despite these encouraging developments in cyber insurance, there is still much for UK businesses to do to protect their assets against cyber threats.
The first step for businesses is learning about cyber defence and how to implement it effectively into their organisational structure. Organisations must fully understand the potential operational damages, the legal obligations of data breaches and the processes your they need to follow in order to protect themselves, whether this is implemented by an in-house department or outsourced to a third-party consultant. We find that because of the complexity and constant evolution of cybersecurity, many organisations will look towards third party companies to assist with their IT requirements, particularly as they realise that they are not data specialists who can keep pace with ever-adapting cybercriminals. However, it is imperative that companies also realise that outsourcing their cybersecurity does not mean they are not liable in the event of a data breach.
Craig Roberts of JSW insurance clarifies further:
“A lot of businesses outsource data management to a contractor or a third-party data storage company. But what they do not realise is that even though they are subcontracting it out they are still deemed to be the data controller – and therefore responsible for the data.”
A need to increase spending on what feel like necessary but unproductive preventative measures is a gloomy concept. But help is at hand. Expense Reduction Analysts are expert cost reduction analysts and can help to reduce both IT and other business costs, which can help to free up budgets for more productive use. In addition, our IT specialists can work alongside yours, to optimise your IT arrangements by implementing strategies, systems and processes that are best-suited to your business and its needs both now and in the foreseeable future. Get in touch with us today to find out more.
Article by: Simon Atkinson