Over two-thirds of UK firms have fallen victim to a cyber-attack over the past year, with many claiming they don’t get enough guidance from the government on how to combat threats, according to RedSeal.
The security vendor polled over 500 UK IT professionals from mainly SMBs to better understand their cyber-resilience levels.
Some 68% claimed to have suffered at least one attack over the past 12 months, with 67% of these saying it had resulted in financial loss, over a third (37%) in customer attrition, and over a fifth (43%) in damage to their corporate reputation.
Nearly a third (31%) said the government doesn’t provide enough support on cybersecurity, despite the best efforts of the National Cyber Security Centre, which was set up two years ago with that mission in mind.
It has provided detailed advice for organizations in specific critical infrastructure sectors on how to comply with the new NIS Directive, for example, as well as guidance on implementing two-factor authentication and other crucial best practices, Cyber Aware advice for small businesses, and Cyber Essentials resources to encourage firms to get accredited with the baseline security standard.
Still, the RedSeal findings seem to show security shortcomings among many organizations. A significant minority (19%) said they had no incident response plan in place while nearly two-thirds (65%) of IT pros polled said they thought senior managers should pay more attention to cybersecurity in 2019.
The former is a serious issue given that both the GDPR and NIS Directive demand organizations have an effective plan in place should they suffer a successful attack.
Part of the challenge here is corporate culture and organization: just 30% of UK firms have a board member responsible for security, according to government figures.
Security bosses could help to break down the silos between their function and the boardroom by talking not in terms of cyber risk but business risk.
The RedSeal report’s findings are somewhat at odds with the government’s own report into cyber threat levels facing firms. Released earlier this year, it revealed that just 43% of companies had suffered a breach or attack over the previous 12 months.