Government plans to improve cyber resilience in businesses could be at risk
31 May, 2022
… unless barriers are addressed, warns Skurio’s CEO
New research from Skurio reveals lack of expertise, knowledge and insufficient budgets are obstacles to organisations proactively defending against cyber attacks
Skurio calls for wider education about the evolving cyber threat landscape and ‘Cyber Resilience’ grants from the Government.
The barriers to organisations having greater cyber resilience against escalating attacks must be addressed, especially in light of new Government plans and possible reform around cyber resilience, advises Jeremy Hendy, CEO of Skurio – the Digital Risk Protection specialist for SMEs across 37 countries.
According to new research published today by Skurio, just under half of the 257 private and public sector organisations surveyed stated that insufficient resources and lack of in-house expertise prevent their organisation from keeping up with and protecting against new cyber threats. The remainder cite insufficient funds for new staff, technology or outsourcing, as well as a need for greater awareness about the cyber threat landscape. Some who are not armed with this knowledge even believe there is no need to invest in additional cybersecurity.
The research highlights that whilst most businesses now have some form of digital risk protection (DRP) in place, this is typically delivered via supplementary features in solutions such as Microsoft 365, password management and antivirus software. 60% of organisations admit they are not well or fully protected against threats from data breaches, malicious domains, supply chain risks and intellectual property attacks. Organisations admit they are exposed to a breadth of cyber vulnerabilities and their most pressing concerns include:
• Network attacks
• Data breaches from the organisation’s own network and staff
• Data breaches from third-party suppliers
The call to action from Skurio’s CEO follows the Government’s recent consultation on proposals to improve the management of cyber risk within organisations and ensure the UK regulatory framework remains effective. At the end of 2021, it was estimated that cyberattacks cost the global economy a staggering $6 trillion. Cybersecurity Ventures estimate it could escalate to $10.5 trillion by 2025. Cybercrime has accelerated since the beginning of the pandemic, with hackers quick to exploit the growth in home working practices. Many staff continue to work hybrid patterns and so it is critical to put tighter cybersecurity controls in place.
Jeremy Hendy, CEO of Skurio comments:
“With cybercriminal activity escalating across the surface, deep and Dark Web, it’s critical that the industry and Government get to the root of why organisations are not able – or in some cases willing – to put additional proactive measures in place within their organisation.
“The Government is set to respond to the consultation so the pressure is mounting for businesses to ensure they are doing everything to mitigate risk against cyber-attacks and data breaches.
“A greater education drive from both the cybersecurity industry and the UK Government will go a long way to ensure millions of employers and employees have improved awareness of the latest cyber threats. If the status quo persists, they and their suppliers will remain exposed to threats.”
Skurio’s calls to action include:
Education, Education, Education
Fill the knowledge gap: The biggest cyber threats
Businesses ‘don’t know what they don’t know’. The reality is cybercrime activity across the surface, deep and Dark Web is escalating. Customer and company data, personal profiles and passwords are becoming the most sought-after goods on Dark Web forums. Ransomware attacks are routinely involving “double-extortion” techniques where data is stolen and potentially exposed regardless of whether a ransom is paid. The upsurge in malicious domains is relentless, with consumers routinely tricked into believing they’re in contact with a genuine brand or organisation, only to discover that the goods and services are fake – and having their personal data stolen too. Inevitably, we have also seen an increase in third-party breaches due to more complex digital supply chains.
“I’ve got enough protection”: Tackle the misconceptions
One of the biggest misconceptions organisations have is that their firewalls, spam filters and anti-virus software provide sufficient protection to defend them against cyber security attacks. Even if these defences are watertight, any organisation is still at risk from supply chain attacks or data breaches from third-party apps and “shadow IT” that employees routinely use.
“It won’t happen to me”: Need for a reality check
There is also a belief amongst SMEs that cyber-attacks are predominantly directed at the largest enterprises. In truth, small and mid-sized organisations are now prime targets for many cybercriminals. Largely because their defences are less well developed.
Indeed, this business segment is a prime target for today’s cybercriminals. In 2021, 39% of small businesses and 65% of medium-sized businesses reported breaches or attacks on their systems, according to research from the Department of Digital, Culture, Media, and Sport.
A small or mid-size business may think it will be one of the lucky ones, or that it is too small to attract cybercriminals, but statistics show the dangers of this approach. Figures published by Hiscox, the business insurer, revealed that small businesses are the target of 65,000 attempted cyber-attacks every day. And while most attempts fail, a small business in the UK is successfully hacked every 19 seconds. In their recent Cyber Readiness Report 2021, one in six businesses admitted they ‘almost went under’ as a result.
Financial support or grants for SMEs
As well as the cyber knowledge gap, many small and medium-sized businesses simply do not have the funds to invest in new in-house staff or resources, or bring on board a specialist Managed Security Service Provider. With SMEs accounting for half of the UK’s private sector turnover and 60% of the workforce, it’s vital that they don’t continue unprotected against cyberattacks. By providing SMEs with a ‘Cyber Resilience’ grant, UK Government would greatly support the country’s effort to combat cybercriminals and ensure that SMEs can continue to innovate and thrive – without falling victim to cybercrime.