Almost half of UK businesses do not have cybersecurity plans to protect themselves and their customers. The Institute of Directors (IoD) Policy Report, released earlier this month and supported by Barclays, states that 95 percent of IoD members agree that cybersecurity is important to their business but 45 percent of them do not have a formal cybersecurity strategy. U.K. businesses are aware of the threat posed by cybercrime, especially on mobile and tablet devices, but barely 50 percent of them protect all of their devices and less than 37 percent use virtual private networks (VPNs). In the event of cyberattack, four out of ten of the members do not know who to contact.
Richard Brown, Director EMEA Channels & Alliances at Arbor Networks said “The fact that more than a third of UK businesses lack a formal strategy against cyber-attacks is shocking. Attack methodologies are evolving by the day and as such, it is no longer acceptable for businesses to be complacent about their cyber security strategy. Businesses must take the fight to cyber-criminals with improved intelligence sharing and better co-operation with law enforcement. Organisations should also instrument their internal networks so that they have broad and deep visibility of network traffic, threats and user behaviour.”
Bloomberg BNA says the risky behavior found among IoD members agrees with the result of the 2016 Norton Cyber Security Insights Report states that 76 percent of consumers know they must actively protect their information online, but they still share passwords and engage in other dangerous behaviors. Globally, 35 percent of people have at least one unprotected device leaving their devices vulnerable to ransomware, malicious websites, zero days, and phishing attacks. 66 percent of the respondents did not protect their home Wi-Fi Networks and 61 percent said they entered their financial information online when connected to public Wi-Fi. According to Computer Business Review, employees’ conducts can also impair cybersecurity. Mobile devices being carried inside and outside the office by employees at an all-time high constitute constant high risk of contamination to the security and network threshold of a business.
The IoD report surveyed 844 respondents. 71 percent of them said they used more than five passwords across different accounts. This is good news if the passwords are not easy to guess. It means if one account is hacked, others may not be vulnerable. The IoD report recommends businesses to take “practical steps” to prepare for cybersecurity threats, including running simulations, having regular awareness training, scrutinizing server suppliers, and incentivizing employees to spot false emails and phishing attack attempts.With new legislation in the form of the EU’s General Data Protection Regulation (GDPR) on the way, the report calls on firms to ensure that they are equipped for the 21st century.
“Government, too, needs to do more to point busy business leaders towards existing schemes and advice, and making schemes more relevant. They might also consider encouraging training through ‘nudges’ on the business community. Ultimately, however, this is a matter for business – in a digital economy, it’s the equivalent of installing a burglar alarm,” the report stated.
The Institute of Directors is a UK Professional Institute with members which promotes directors, develops corporate governance, and represents members and businesses to government.