More Than Two-Thirds of UK Orgs Have Been Hacked

A full 70% of UK businesses have been subjected to at least one security breach over the past year, with some companies experiencing frequent attacks on their systems.

According to CompTIA’s International Trends in Cybersecurity report, UK businesses are actually facing fewer security breaches than the global average (70% compared to 73%). But they are dealing with more consistent attacks on their systems, with 11% of British businesses being breached more than 10 times in a year, two percentage points higher than the international average.

“It is alarming to see that so many UK organizations are facing security attacks,” said Graham Hunter, vice president, Skills Certification, Europe and Middle East at CompTIA. “Companies are becoming ever more reliant on computer systems and data, and hackers are aware of this, which is one of the reasons that attacks are increasing. There is valuable data here that attackers can exploit and businesses need to ensure that this information is secure.”

He added that businesses need to focus on both internal and external risks to data.

“Although external threats to an organization’s information must be tackled, it is important not to forget that data is still under risk from inside a company as well,” he said. “The report highlights this, with 60% of UK responses indicating that human error is a major contributor to security, with general carelessness and IT staff failure to follow policies being the main cause of this.”

There was a bit of good news. The research showed that 66% of those surveyed expect cybersecurity to become a higher priority over the next two years. While many firms are already using some type of security training to improve security knowledge amongst employees, only 27% of organizations rate the training as extremely effective. The introduction of new EU Data Regulations is likely to renew this effort in the near future.

Hunter explained: “The incoming regulations from the European Union will play a big role in how businesses shape their security practices in the future. Once the laws are implemented in spring 2018, companies that are not meeting standards will face heavy fines, meaning UK businesses will have to put security at the top of the agenda going forward and it’s positive to see most are already taking steps to do this.”

Even so, employee awareness at all levels is a critical aspect for combatting this state of affairs; CompTIA recommended that organizations make sure that all of a business’s staff are aware of the value of its data and understand what they need to do to ensure that this information remains safe.

On the education front, CompTIA will soon launch its CyberSecure educational program in the UK. CyberSecure is designed to be a part of HR training programs and give every employee, from the CEO to the office cleaner, a fundamental understanding of cybersecurity and how their everyday actions could lead to a data breach.

“Focusing on fostering security skills through tools like CyberSecure will enable organizations to be more confident that their staff have the tools needed to prevent documents and personal information falling into the wrong hands,” Hunter said.

Photo © wk1003mike
