According to the Cyber Security Breaches Survey 2018, 4 in 10 businesses experienced a cyber security breach or attack in the last 12 months and this rose to 7 in 10 among larger businesses.
With GDPR now in force and with the ICO implementing serious fines as a result of regulation breach, much emphasis has been placed on organisations to implement technical and operational measures to protect their personal data and prevent security breaches.
What is a Security breach?
Data breaches occur every day, but we don’t necessarily hear about them, with only large scale breaches from high profile organisations/brands hitting the headlines. More recently electronic retailer Dixons Carphone who now face a £400 million fine for the UK’s biggest online breach affecting 5.9 million payment cards and 1.2 million personal data records.
The most common type of security breaches affecting businesses and charities according the report were fraudulent emails received by employees, and people also impersonating their organisation in emails. Therefore staff awareness and training in cyber security needs to be high on any businesses agenda.
Whilst there has been a fall in comparison to 2017 with businesses reporting breaches relating to viruses and malware, a slight increase was confirmed with hacking activity, with businesses experiencing unauthorised access of their networks, servers and computers.
Security breaches are not just confined to cyber threats, there is now an increased risk associated with accidental breaches and human error, employees incorrectly processing or deleting data in error or misplacing information and misconfiguration. And whilst reports suggest that organisations are getting better at protecting against cybercrime, more could be done with employees to prevent costly errors.
Whilst not all breaches result in financial or data loss, they can still cause disruption, and impact on employees, either having to take time to deal with the breach or not being able to continue working, impacting productivity.
Action to take
Don’t wait for a breach to happen, be pro-active and make your cyber security is a high priority by talking to Timewade about your requirements.
As a Cyber Essentials approved practitioner we have experience of working with small to medium sized businesses and can help you identify the risks, provide guidance and also help you implement the basic technical controls and solutions needed to protect your business.
Learn more about Cyber Essentials – https://www.cyberessentials.ncsc.gov.uk/
For more information on ICO Data Breaches: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/