Cyber-attacks are a growing threat to businesses of all sizes, with the latest Government Security Breaches Survey finding that two thirds (65 per cent) of large organisations were affected by a breach in the last year, along with half (51 per cent) of medium-sized, and a third (33 per cent) of small organisations.
What's more, it seems too many businesses still aren't taking the threat seriously, with the 2016 Global Threat Intelligence Report from NTT Com finding that roughly 77 per cent of organisations are unprepared for cyber-security incidents. That's a lot of vulnerable businesses!
You only need to look at examples in the news to see the potential financial and reputational costs of a data breach. Take TalkTalk for example, which suffered a breach and the loss of around 157,000 customers' data last year. It's estimated that the incident cost the company a total of £60m, along with between 100,000 and 250,000 lost customers.
More recently the beleaguered Yahoo! has faced a similar situation, with at least 500 million user accounts compromised in what many are saying is the biggest data breach in history. Not only does it further dent the reputation of the former internet giant, it could also jeopardise its $5bn takeover by Verizon. The financial and reputational fall-out doesn't bear thinking about.
So, if you're one of the unprepared 77 per cent, what should you be doing?
First things first, a cyber risk assessment helps you understand the areas you need to protect and those where you could be most vulnerable.
Start by auditing the data and information you hold that is most valuable and therefore where you need protection. Then look at how you store this data, who has access to it and how it's protected. This will help give you an idea of where you could be most at risk.
If you're not confident carrying out a risk assessment, then you might want to consider hiring an expert to do this for you.
Once you've identified your most valuable data assets, make sure you've covered all the bases to secure them with the appropriate technology, including firewalls, anti-malware and anti-virus software on all your computers and devices. If some or all of your data is stored in the cloud, make sure your provider has watertight security controls.
If you don't have any dedicated IT expertise in house, it's probably best to consult an expert on the best approach for your needs.
The right technology is of course hugely important, but getting your people and processes up to speed is perhaps even more so. A scary 95 per cent of cyber incidents involve human error, according to a study by IBM, yet this is an area that is often overlooked: the Government's recent survey found that only 17 per cent of businesses have given staff some kind of cyber security training in the last 12 months.
Your communication should begin with a cyber security policy, outlining key processes and procedures, what staff should and shouldn't do, and the potential repercussions if the guidelines aren't followed. The exact issues covered will vary from business to business but potential topics could include:
You should ensure the cyber policy is easily accessible to all employees, is updated regularly, and that staff are also given training around the issues at least every 12 months.
And for further insights on how to avoid employee misuse of data, check out our dedicated blog here.
Even with the best technology and security measures, sometimes you're powerless to stop a breach. That is where an effective response plan comes in, enabling you to control the situation as quickly as possible, with minimum impact to you and your customers.
Yet, despite its importance, only 30 per cent of organisations have a breach response plan in place, potentially leaving them floundering in the event of an attack.
An effective response plan should include the following elements:
If the worst does happen and you're facing the repercussions of a data breach, your final line of defence is a watertight and specialist cyber insurance policy.
Some key aspects to look out for include:
Finally, it's also worth noting that the new data protection regulations coming into force in 2018 mean the potential impacts of a breach will become even greater. The new rules will give customers greater powers to take legal action in the case of a breach, while fines are set to increase to as much as €20m. So even more of a reason to make sure you're on top of cyber security - before it's too late!