It’s a subject you’ve seen all over the news. A subject you try to avoid because you think it could never happen to you. Something you believe only happens to big businesses.
Are you still burying your head in the sand over cyber security? The consequences of a cyber-attack hitting your business are not only reputation damaging, but it could also leave you with a heavy fine from the ICO if you haven’t complied with Data Protection Regulations.
A survey recently published by the Department for Culture, Media and Sport and undertaken by Ipsos Mori (Global market and opinion research specialists) highlights some of the facts about why cyber security should be at the forefront of your mind.
Out of over 1500 businesses surveyed, it was revealed that:
- 74% say cyber security is a very high priority for their senior management
- 67% have already spent money on cyber security in some shape or form in the past year
- 51% of respondents said the biggest reason for this spend is to protect customer data
- Only 33% have a formal policy in place that covers cyber security risks
- Only 11% have a cyber security incident management plan in place for if they were to be hit by a cyber attack
What can we learn from this report?
One crucial thing that we can learn from this report is that although a lot of businesses are aware of cyber security and the reasons why they need it, not a lot of businesses actually have a formal policy for cyber security in place.
You’ve seen some of the largest organisations in the UK being compromised due to cyber-attacks. You’ve also seen SMEs in the UK being financially crippled because of a cyber breach. It can and will happen to you – that’s why you need to be prepared for the worst and do all you can to prevent it.
If you haven’t got a formal cyber security policy in place, now is the time to put one together. A cyber security policy doesn’t need to be long and for most SMEs, it should be able to fit on a single sheet of paper. You just need to explain within the policy:
- The objectives of the policy
- Who is responsible for the policy
- Who is responsible for enforcing cyber security
- Your key security controls
Once this has been done, it is then vital that you educate your staff about cyber security and ensure they fully understand the policy. While this may sound simple, it is one of the most crucial parts of cyber security training and needs to be done on a regular basis to ensure all members of staff are aware that their actions could potentially lead to a cyber-attack, and what those consequences are.
If you would like some advice on cyber security and how it can protect your business, contact our team on 0800 9520652.