Cyber-Attacks and GDPR: Are UK Businesses Ready?
New figures have revealed that nearly half of all UK businesses suffered a cyber attack or breach in the last year and that fewer than four in 10 are aware of the incoming General Data Protection Regulation (GDPR).
Protect your business, urges DCMS
The Cyber Security Breaches Survey 2018 from the Department of Digital, Culture, Media and Sport (DCMS) reveals that the most common types of cyber-threat were fraudulent emails, the impersonation of organisations online, and malware and viruses. Fraudulent emails were often used to attempt to coax staff into revealing passwords or financial information, or opening dangerous attachments.
Businesses are being urged to do more to protect themselves against cybercrime. 43% of businesses suffered a cyber breach or attack in the past 12 months and this figure rises to 72% among large businesses. However, 33% of small businesses don’t offer guidance on password security to staff.
Smaller firms are still experiencing a significant number of cyber-attacks, with 42% of small businesses identifying at least one breach or attack in the past 12 months.
Minister for Digital and the Creative Industries, Margot James, said: “We are strengthening the UK’s data protection laws to make them fit for the digital age, but these new figures show many organisations need to act now to make sure the personal data they hold is safe and secure.
“We are investing £1.9 billion to protect the nation from cyber threats and I would urge organisations to make the most of the free help and guidance available for organisations from the Information Commissioner’s Office and the National Cyber Security Centre.”
As part of the Government’s Data Protection Bill, the Information Commissioner’s Office (ICO) will be given more power to defend consumer interests and issue higher fines to organisations, of up to £17 million or 4 percent of global turnover for the most serious data breaches.
The GDPR requires organisations to have appropriate cybersecurity measures in place to protect personal data.
Information Commissioner, Elizabeth Denham, said: “With the new data protection law, the General Data Protection Regulation (GDPR), taking effect in just a few weeks, it’s more important than ever that organisations focus on cyber-security.
“Increasing the public’s trust and confidence in the way people’s data is handled is our priority and good data protection practice will go some way to making the UK the safest place to be online.”
The Government is also introducing new regulations to improve cybersecurity in the UK’s critical service providers in sectors such as health, energy and transport, and the National Cyber Security Centre (NCSC) has been established as part of plans to make the UK one of the safest places in the world to live and do business online.
Ciaran Martin, CEO of the NCSC, said: “Cyber-attacks can inflict serious commercial damage and reputational harm, but most campaigns are not highly sophisticated.
“Companies can significantly reduce their chances of falling victim by following simple cybersecurity steps to remove basic weaknesses.”
The report showed that more businesses are now improving their cyber-security via the Government-backed, industry-supported Cyber Essentials scheme.
How to Prepare Your Small Business
Cyber-Security: Small businesses can access tailored advice from the National Cyber Security Centre. They can also increase their defences and significantly reduce the return on investment for attackers by enrolling on the Cyber Essentials initiative and following the regularly updated technical guidance on the Cyber Security Information Sharing Partnership and the NCSC website.
GDPR: Organisations which hold and process personal data can check and prepare for compliance by following the guidance available from the Information Commissioner’s Office and/or calling its dedicated advice line for small organisations. There is also a GDPR checklist, and 12 steps to take now to prepare for GDPR.
Cyber-attacks can cost small businesses their reputation and a great deal of money, while failing to keep data secure can now be costly in itself, since GDPR introduces significant fines for those that do not comply.
If you run a small business, make cyber-security and data protection a priority and keep them at the top of your agenda permanently, ensuring anti-virus programs and training are kept up to date and security protocols are followed.
Are you GDPR ready? Do you think this will help small businesses deal with cyber-attacks or is more needed? Please share your thoughts.