Just under half of all British businesses were victim to at least one cyber security breach last year, according to a government report. The 2017 report, commissioned by the Department for Culture Media and Sport, found that 46 per cent of all businesses discovered at least one cyber security breach in 2016, with the average cost to firms ranging between 1,570 and 19,600. It pointed out that larger firms tend to incur much more substantial costs from cyber security attacks, which it said could reflect the increased complexity of the breaches, or because they have more sophisticated systems that are harder to repair. The report, which is part of the government s National Cyber Security Programme, warned that costs could come from the loss of customers, data or assets, handling customer complaints, and dishing out compensation, fines or legal fees. This comes after cyber experts warned1 that improvements to banks cyber systems could displace some of the threats onto other sectors, such as financial advice businesses. The cost can rise into the millions, with the loss often ultimately borne by the financial sector.
According to the government survey, only a third of the 1,523 businesses questioned have a formal policy on cyber security in place. However, it found that small businesses were more likely to have installed cyber security systems than they were last year, with almost a quarter now having formal processes in place, up from 15 per cent in 2016. The study, which was conducted in January and February this year, said this aligns with the increasing importance these smaller businesses now attach to cyber security. A positive picture was also painted in terms of the speed with which businesses identify breaches, with 90 per cent of firms recognising an attack within 24 hours.
The report found that 60 per cent of the 350 financial firms questioned outsource their cyber security to specialist providers. Marcus Scott, chief operating officer at think tank the City UK, said cyber security is increasingly becoming one of the biggest challenges facing businesses. While the average cost of a breach is 20,000, this can rise into the millions, with the loss often ultimately borne by the financial sector. Earlier this year, the City UK set up a task force to help boost understanding of cyber risk and encourage firms to take action to tackle the problem, such as working on system recovery issues and sharing best practices across other businesses. It also recommended that cyber security be managed effectively by boards, echoing advice in the report about the need for oversight of security issues at a board level. Other recommendations from the City UK included making sure cyber risk is a part of the entire business strategy. The government report found there were more breaches reported by those firms taking action to protect themselves, which it suggested could indicate that they are better at identifying when their systems have been compromised.