In a world where major data breaches, cracked password lists, DDoS attacks and organisations being held to ransom over encrypted data are as common as moon phases, it’s should be unforgivable for the commercial world not to respond with preventative measures and updated levels of protection and resilience, yet a new report by the UK Government appears to show quite the opposite.
69% of businesses say cyber security is a high priority for senior managers, but only 29% have formal written cyber security policies
Does this suggest the issue isn’t as bad as the reports suggest, do these attacks not happen as often as reported, there really a risk, is the noise around cyber security just an exercise in sabre rattling to allow governments to generate budgets to defend against cyber espionage, self-perpetuating the security issue?
65% of large firms detected a cyber security breach or attack in the past year, 25% of these experience a breach at least once per month
The survey results show attacks and breaches are regular, but interestingly note the use of the words breach and attack, an attack could be one that is prevented but registered, but a breach would be where an attacker has gained access to data, networks or devices.
There is an apparent view that security breaches are only really a concern if they occur. Some businesses are taking steps, but often these are just small steps, albeit in the right direction. If there were a spate of thefts from garden sheds in your street, you would check locks, add security lights or cameras. Not wait until you find your lawnmower gone and then add a shiny new lock!
We run the risk of our personal data, held by companies we transact with, becoming a cheap commodity, where it’s almost an expectation that an attack will obtain this data in just another data breach. This could reduce the effectiveness and viability of digitised transactions.