Advancements in technology enabling businesses to store and access data more easily have brought an increased risk of information being subjected to a cyber attack.
This is a cause for concern, but a recent ICSA Boardroom Bellwether survey revealed that 80 per cent of company boards are failing to take the threat of cyber attack seriously.
Small Businesses are Experiencing Significant Increases in Cyber Attacks
The Department for Business, Innovation and Skills (BIS) revealed that cyber attacks against businesses are on the rise and there has been a significant increase in attacks over the last year. The Information Security Breaches Survey found some attacks caused more than £1 million of damage.
The survey also showed that while large firms were the main target for cyber attacks, attacks on small firms had increased in the last year, with up to 87 per cent of small firms being attacked.
Figures further show that an attack can cost a small business 6% of its turnover, with the average cost of severe breaches ranging from £35,000 to £65,000. This should make small business owners sit up and take notice. Likewise, large organisations, which remain the most targeted, suffered average costs ranging from £450,000 to £850,000.
Why Strong Internal Procedures are Important in Fighting Cyber Attacks
Strong internal procedures are an important factor in protecting a business for two principal reasons. Firstly, data protection laws require that certain standards are met in the collection and management of corporate personal data. Secondly, parties transacting with businesses as customers or suppliers expect a degree of confidence in their dealings with those businesses.
Therefore, in a bid to prevent the further rise of cyber attacks, the Technology Strategy Board has extended a scheme to allow SMEs to bid for up to £5,000 to improve their security. BIS is also publishing a guide to help small businesses improve their security.
Making Strong Internal Procedures Effective
While there is no easy solution for preventing cyber attacks, businesses can and should take policy measures to safeguard their information and technology systems. GCHQ estimates that up to 80% of cyber attacks could be prevented with simple best practice procedures such as reporting suspicious emails. Broad measures may include:
- Appointing a senior person to be responsible for information security.
- Implementing appropriate policies for all employees.
- Providing training to employees regarding company information and IT policies.
- Maintaining adequate monitoring and enforcement procedures to ensure compliance with policies.
- Carrying out due diligence on the security offered by IT providers.
- Auditing stored information and ensuring information is encrypted where appropriate.
Information security policies should take into account legislative, technical and operational factors and be actively publicised within the organisation.
Comment
A cyber attack can have devastating effects on a business, not only because of the value of the data to the organisation but also because of the increasing regulatory scrutiny. If an organisation fails to take appropriate steps to prevent or minimise the risks of an attack, it may face stiff penalties from regulators, litigation from injured parties and a loss of stakeholder confidence. If you need assistance to ensure your website policies and procedures are up to date, Rollingsons has experienced lawyers who can assist you. For more information please contact James Crichton via e-mail jcrichton@rollingsons.co.uk or by telephone on 0207 611 4848.