25% of UK businesses lack basic hacking safeguards

Bright blue code appearing on screen to denote hacking
(Image credit: Bigstock)

One in five UK businesses were targeted by cyber attacks over the past year, many of which lacked basic security measures to prevent the loss of personal data, according to a recent survey.

Today's report by the British Chamber of Commercerevealed that of 1,200 British businesses, 20% had suffered a cyber attack in the last 12 months.

Companies with more than 100 employees were the most likely to be hit (42%), compared to smaller firms (18%). The growing number of cyber attacks over the past year have led to a growing sense of unease among burgeoning UK businesses, with over 20% believing the threat is stifling company growth.

"Cyber attacks risk companies' finances, confidence and reputation, with victims reporting not only monetary losses but costs from disruption to their business and productivity," said Adam Marshall, director general of the British Chamber of Commerce.

However, the survey also found that only a quarter (24%) of businesses have cyber security accreditations in place, or basic safeguards to prevent hacking attempts, despite the growing threat of attacks and the number of highly publicised data breaches over the past year.

"Firms need to be proactive about protecting themselves from cyber attacks," added Marshall. "Accrediations can help businesses asses their own IT infrastructure, defend against cyber security breaches and mitigate the damage caused by an attack. It can also increase confidence among the businesses and clients who they engage with online."

Telecom provider TalkTalk was hit with a record 400,000 fine in 2016 for its own security failings, which led to the hack of more than 150,000 customer details, including the sensitive financial data of more than 15,000 people. UK data protection regulator, the Information Commissioner's Office, believed the company could have prevented the hack had it invested in basic security precautions.

Stephanie Weagle, VP at Corero Network Security, said: "Attackers will always find new exploits and new attack methods of disrupting financial opportunity, extortion, accessing personally identifiable data and disrupting an organisations online availability."

"Cyber attack activity is prevelant today, more than ever - especially when it comes to DDoS attacks. These attacks are taking centre stage as the techniques have become much more sophisticated in nature," added Weagle.

Marshall called for greater clarity when it comes to dealing with the aftermath of a cyber attack, as 63% of UK businesses are reliant on IT providers for resolving issues, compared to 12% of banks and 2% of law enforcement, which typically rely on in-house expertise, the survey found.

This will become particularly important given the impending move to the EU's General Data Protection Regulation(GDPR) in May 2018, which will require any company handling EU citizens' personal data to comply with tougher legislation.

"Companies are reporting a reliance on IT support providers to resolve cyber attacks," said Marshall. "More guidance from government and police about where and how to report attacks would provide businesses with a clear path to follow in the event of a cyber security breach."

Contributor

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.