Two thirds of large businesses in the UK experienced a cyber breach or attack in the past year, according to new government research.
The government said some of the breaches caused millions of pounds in damages, but the most common attacks – involving viruses, spyware or malware – could have been detected using its Cyber Essentials scheme.
The survey found that while one in four large firms experiencing a breach did so at least once a month, only half have taken its recommended actions to identify and address vulnerabilities.
Even fewer, about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.
Ed Vaizey, minister for the digital economy, said companies can do more to protect their data.
“Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks,” he said. “It’s absolutely crucial businesses are secure and can protect data. As a minimum, companies should take action by adopting the Cyber Essentials scheme which will help them protect themselves.”
>See also: Top 10 most devastating cyber hacks
Results from the survey were released alongside the government’s new Cyber Governance Health Check, launched in response to a cyber attack on TalkTalk in October 2015 that saw personal details of up to 4 million customers accessed.
Almost half of FTSE 350 businesses regard cyber attacks as the biggest threat to their business when compared with other key risks – up from 29% in 2014 – according to the survey.
It also found that only a third of FTSE 350 businesses understand the threat of a cyber attack, and just one in five companies have a clear view of the dangers of sharing information with third parties.
Many firms are, however, getting better at managing cyber risks, with almost two thirds now setting out their approach to cyber security in their annual report.
The government has pledged to invest £1.9 billion in tackling cybercrime over the next five years and has encouraged all businesses to take action.
Its ‘10 Steps to Cyber Security’ provides advice to large businesses, while the Cyber Essentials scheme is available to all UK firms. The government is also creating a National Cyber Security Centre that gives businesses a ‘one-stop-shop’ for cyber security support.
A new national cyber security strategy will be published later in 2016 setting out the government's plans to improve cyber security for the public sector, private sector and consumers.