The rate at which businesses are experiencing cybersecurity breaches is alarming. The latest UK government survey found that in the last 12 months, 39% of UK businesses identified a cyber-attack. Within this, 31% of businesses estimate they were attacked at least once a week.
We see cyber-attacks frequently reported in the news, many of them high-profile:
- In May 2020, a sophisticated cyber-attack exposed the data of 9 million easyJet customers. Data accessed in the breach included travel details, email addresses, and the complete credit card details of 2,208 customers (BBC News).
- The Marriott Hotels chain was fined £18.4 million for a major data breach affecting approximately 339 million guests; among the records were sensitive credit card information and passport numbers (BBC News).
Without effective IT security, your business cannot defend itself against data breaches and is an easy target for cybercriminals.
Why is it important?
Businesses have never been more vulnerable. The risks are high, and the consequences can be devastating. With a lack of focus on IT security, businesses are at risk of financial and reputational damage, from the direct costs of attacks, such as information theft and disruption to trading, to repairing inadequate systems and downtime. Then there is the incalculable damage to your reputation to think about.
This is not just a problem for big organisations. Many small companies wrongly presume they are not a target and so don’t invest in IT security. In fact, small businesses are becoming increasingly targeted, and the results are often more devastating as small businesses simply can’t afford the costs.
Businesses have the increased pressure of more complex security issues and strict compliance with legislation, such as the General Data Protection Regulation (GDPR), and face heavy fines for data breaches. In 2020, British Airways were issued fines of £20 million for failing to protect the personal and financial details of more than 400,000 of its customers. An ICO investigation reported inadequate security measures.
Even though cyberattacks are becoming more common, it’s evident that businesses are not prepared enough to deal with them.
A hybrid workforce
Whilst cybercrime has always been a problem, the COVID-19 pandemic led to a 600% increase and raised even more challenges. The pandemic saw a rapid transformation in our working habits as most of the world became more dependent on the internet. As organisations introduced new technologies and ways of working, they inadvertently introduced new dangers. Attackers took advantage of the shift to remote working, exposing gaps in online security. When Zoom sign-ups neared their pandemic peak in April of 2020, hackers breached 500,000 accounts and either sold or freely published them on the dark web.
With these new ways of working here to stay, businesses need to be more vigilant than ever before. Employees working from home may not have the same level of security as they have at their offices. In fact, 74% of security decision makers claim that information security systems and controls have become more complex due to widespread remote work. The good news is this also provides an opportunity to rethink strategies and embed security into the whole organisation. According to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches involved the human element. As one of the biggest risks, the human factor is also one of the biggest opportunities. Educating and training employees on cybersecurity is a smart place to invest some time to help them protect your business.
The future is now
As technology and cyberthreats evolve, organisations need to take action to build long-term resilience. Recent research from PwC found that almost two-thirds of UK organisations are increasing their cyber security budgets in 2022.
Setting up an information security management system to a standard such as ISO 27001 can help your business keep information safe and stay compliant with the latest legislation. Cybersecurity is critical to the future of your business and it’s becoming impossible to ignore.
To find out how we can help your business with information security, give the QMS team a call today on 0808 506 2056.