One in five British businesses has been hit by a cyber attack in the past year, according to the British Chamber of Commerce (BCC).
Polling more than 1,200 UK businesses, the BCC found that 20% had been hit by a cyber-attack in the last 12 months. It was revealed that big businesses are far more likely to be targeted by hackers (42%), rather than smaller firms (18%).
“Cyber-attacks risk companies’ finances, confidence and reputation, with victims reporting not only monetary losses but costs from disruption to their business and productivity. While firms of all sizes – from major corporations to one-man operations – fall prey to attacks, our evidence shows that large companies are more likely to experience them,” said Dr Adam Marshall, Director General of the BCC.
The results indicate that businesses are most reliant on IT providers (63%) to resolve issues after an attack, compared to banks and financial institutions (12%) or police and law enforcement (2%).
With 21% of businesses believing that the threat of cyber crime is preventing company growth, it seems staggering that such little attention has been paid to accreditation – even more so that GDPR is looming.
Only a quarter (24%) of businesses have cyber security accreditations in place, with smaller businesses far less likely to have accreditation (10% of sole traders and 15% of those with 1-4 employees) than big businesses (47% with more than 100 employees). The BCC survey echoes the findings of a recent IoD survey, in which it was found that nearly half of UK businesses do not have a formal cyber security strategy implemented.
“Firms need to be proactive about protecting themselves from cyber-attacks. Accreditations can help businesses assess their own IT infrastructure, defend against cyber-security breaches and mitigate the damage caused by an attack. It can also increase confidence among the businesses and clients who they engage with online,” said Dr Marshall.
“Businesses should also be mindful of the extension to data protection regulation coming into force next year, which will increase their responsibilities and requirements to protect personal data. Firms that don’t adopt the appropriate protections leave themselves open to tough penalties.”