The government urges companies to take basic computer security precautions as incidents soar
Government research has found that two-thirds of large British businesses were hit by computer security breaches in the past year, but despite the dangers, many companies aren’t taking basic measures to defend themselves.
While one in four large companies said they experienced computer security breaches at least once a month, only half of all firms participating in the study had taken government-recommended actions to identify and address vulnerabilities.
Lack of preparation
About one-third of all companies had formal written computer security policies and only 10 percent had an incident management plan in place, the study found.
The most common attacks involved viruses, spyware or malware that could have been prevented with basic security measures, the government said.
The average cost of computer security incidents was £3,480, but the figure rose to £36,500 for large firms, and one company covered in the survey suffered £3 million in damage due to a single breach.
“Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks,” said digital economy minister Ed Vaizey. “It’s absolutely crucial businesses are secure and can protect data.”
Separately, the manufacturers’ association EEF also called for companies to pay more heed to computer security after its study found almost half of manufacturers haven’t increased computer security investment in the past two years.
Security investment stagnant
“Investment in new technology isn’t being matched by investment in managing risks, especially among smaller firms,” said Lee Hopley, EEF’s chief economist.
Alongside its study, the government released the latest iteration of its Cyber Governance Health Check, which indicates large companies’ awareness of data security risks. The government initiated the Health Check following the high-profile theft of TalkTalk customer data last October.
The report found nearly half of the top FTSE 350 businesses regard computer attacks as the biggest threat to their business, up from 29 percent in 2014.
Only one-third of these businesses understand the threat of a computer security incident, however, while only one-fifth understand the dangers of sharing information with third parties, according to the report, which also found that nearly two-thirds are now setting out their computer security strategy in their annual report.
The TalkTalk breach is thought to have cost the company between £40m and £45m on top of the loss of customers due to public concern at the incident.
£1.9bn IT security investment
The government said it sees computer security as a high priority, with plans to invest £1.9 billion in tackling computer crime over the next five years and a National Cyber Security Centre set to launch in the autumn to provide centralised support for industry.
Announcing the national centre in November of last year, at the same time as the overall investment plan, chancellor George Osborne said it would be based at GCHQ and would concentrate on protecting the UK’s critical infrastructure from computer security threats, in particular those posed by nation states.
In April the Ministry of Defence (MoD) said it plans to spend more than £40 million on a separate Cyber Security Operations Centre (CSOC) to defend the MoD’s network from attack.
The government is due to publish a national computer security strategy later this year.