Data breaches are big news now. With the introduction of GDPR, the possibility of companies being hit with substantial fines has turned cyber security into a mainstream business risk issue – no longer is it a technology issue.
But is cyber security a wide-spread problem? If you’ve not been affected, you may well think it’s a bit of a storm in a teacup. In fact, if your business has not been affected by a data security breach in the past year, you are in the minority. 52% of businesses in the UK had some form of cyber security breach in the past year.
It’s no wonder. Cyber criminals use a bit of kit called an exploit kit to attack vulnerabilities in systems, to distribute malware and other dodgy dangerous things. Yet a staggering 99% of computers are vulnerable to exploit kit attacks.
If the amount of cash invested in cyber security is an indicator, then businesses still don’t see this as a high priority. In 2017, small businesses in the UK invested £2,600 each in their cyber security. Yet the total cost to UK business of cyber security breaches in 2016 amounted to approximately £30 billion. Despite the size of the risk, only 25% of small firms gave their staff training in cyber security in 2017.
This is particularly relevant when you look at the causes of data security incidents. Malware caused just 14% of incidents, with theft responsible for 22%. Top of the league with 37% are employees, generally down to their own negligence.
This points to the importance of creating the right culture in your business, where education and awareness are critical aspects in helping protect the integrity of your cyber security. You’ll also need to look carefully at how your staff work, as much as what they do. If you have tight security protocols at work, yet staff work from home or remotely, then they may well be bypassing the very procedures you have put in place.