UK businesses are at risk of sleepwalking into a reputational time bomb due a lack of awareness on how to protect their data assets, according to research released today by BSI, the business standards company. As cyber hackers become more complex and sophisticated in their methods, UK organisations are being urged to strengthen their security systems to protect both themselves and consumers.
The BSI survey of IT decision makers1 found that cyber security is a growing concern with over half (56%) of UK businesses being more concerned than 12 months ago. 7 in 10 (70%) attribute this to hackers becoming more skilled and better at targeting businesses. However, whilst the vast majority (98%) of organizations have taken measures to minimise risks to their information security, only 12% are extremely confident about the security measures their organization has in place to defend against these attacks.
Worryingly, IT Directors appear to have accepted the risks to their information security, with 9 in 10 (91%) admitting their organization has been a victim of a cyber-attack. Around half have experienced an attempted hack, and/or suffered from malware (49% in both instances). Around four in ten (42%) have experienced the installation of unauthorized software by trusted insiders, and nearly a third (30%) have suffered a loss of confidential information.
Managing risks key to protecting data assets
Despite the confidence in the security measures they have in place, 3 in 5 (60%) organizations have not provided staff with information security training; over a third (37%) have not installed anti-virus software; and just under half (49%) monitor their user’s access to applications, computers and software.
Conversely organizations that have implemented ISO 27001, the international Information Security Management System Standard, are more conscious about potential cyber-attacks than those who haven’t (56% vs. 12%). As such, 52% of organizations who have implemented ISO 27001 are extremely confident about their level of resilience against the latest methods of cyber hacking.
'The research revealed that businesses who can identify threats are more aware of them. Our experience confirms this, we know that organizations with ISO 27001 can better identify the threats and vulnerabilities to their information security and put in place appropriate controls to manage and mitigate risks,' said Mike Edwards, Information Security Specialist and Tutor at BSI.
Consumers looking to organisations that go above and beyond
This question on how to protect their data assets is leaving many business exposed, which in turn is impacting consumers. As consumers are spending more of their time and money online, their vulnerability to cyber-attacks is increasing. A consumer survey showed that nearly half of consumers surveyed had suffered from a cyber-attack/crime, yet only 4% have stopped using online services to reduce the risks.
Consumers are therefore looking to companies for protection, who in turn need to safeguard themselves and their customer data. However, there is an inherent lack of trust from consumers on how their data is handled by organizations with a third of consumers admitting they do not trust organizations with their data. On the other hand there is a level of acceptance that nothing online will ever be safe, leading to a false sense of security that ‘this will not happen to me’ amongst those who have not suffered from a cyber-attack/crime.
'Consumers want their information to be confidential and not shared or sold,' said Maureen Sumner Smith, BSI UK managing director.
'Those who want to be reassured that their data is safe and secure are looking to organisations who are willing to go the extra mile to protect and look after their data. Best practice security frameworks, such as ISO 27001 and easily recognisable consumer icons such as the BSI Kitemark for Secure Digital Transactions can help organisations benefit from increased sales, fewer security breaches and protected reputations. The research shows that the onus is on businesses to wake up and take responsibility if they want to continue to be profitable and protect their brand reputations.'