A new report by the British Chambers of Commerce (BCC) has called on business owners across the UK to get serious about cyber-security and ramp up their efforts. Adam Marshall, director general of the BCC, told the Independent that businesses must also be aware of an extension to data protection regulation that will come into effect next year.
The BCC study examined the responses of more than 1,200 businesses across the UK and uncovered the pervasive nature of cyber-security threats. It found that 20% of firms had experienced a cyber-security breach or attack in the last 12 months and while it was concluded that large businesses are more prone to cyber-attacks, small and medium-sized organisations also need to stay mindful of security threats.
Digging further into the data reveals that 42% of companies with over 100 employees had been the target of an attack. Significantly, the figure stands at just 18% for smaller firms. However, Marshall urged small businesses to not take the results as a false reassurance. Instead all organisations must "shore up their defences".
He continued: "Cyber-attacks risk companies' finances, confidence and reputation, with victims reporting not only monetary losses but costs from disruption to their business and productivity."
Marshall also drew attention to coming regulatory changes to data protection laws which will increase companies' responsibilities and requirements to protect personal data.
"Firms that don't adopt the appropriate protections leave themselves open to tough penalties," he said.
The news follows a similar study published last week. The report, which was commissioned by cyber security firm CGI and conducted by Oxford Economics, analysed the long-term financial impact of cyber-security breaches. It found that on average share prices fell by 1.8% permanently following a serious breach in which large amounts of sensitive data were compromised.
In real terms, the 1.8% decrease would manifest in a loss of some £120m for the typical FTSE 100 firm.
The BCC study also examined post-breach protocol. It illustrated that 21% of businesses felt that cyber-attacks, or the threat of them, were hampering their organisation's growth. However, only 24% said that they have cyber-security accreditations or adequate measures in place.
Moreover, after an incident, businesses relied on IT providers to solve the issue, rather than banks and financial institutions or police and law enforcement.
Marshall added that because of this, the government and police should provide better guidance for what organisations should do following an attack. He said they should "provide businesses with a clear path to follow in the event of a cyber-security breach and increase clarity around the response options available to victims, which would help minimise the occurrence of cybercrime."
Copyright © Misco 2014. Misco is a trading name of Misco UK Ltd. All rights reserved. E&OE Registered in Scotland Number 114143. Registered Office: Caledonian Exchange, 19a Canning Street, Edinburgh, EH3 8HE. VAT number: 494 1756 15. All prices mentioned (pounds) exclude postage and packaging. All orders comply to Misco terms and conditions.