U.K. Firms “very unprepared” for data breaches

Telecommunication companies say they expect the number of breaches to rise over the next year and around 75% of these companies are wary that this is the case.

The study, undertaken by analyst firm Ovum, and commissioned by analytics software firm FICO, found that although 53% of U.K. executives believe there will be a growth in attempts to access data, less than half of firms are likely to direct their resources to enhancing cyber-security. This approach is clearly dangerous and reckless.

They’re aware that more and more people are trying to access data, but they seem to forget that, without effective cyber-security, more and more data breaches will be inevitable.

Data response plans

Of the firms surveyed, 41% of them have a tried and tested data breach response plan in place in the U.K. This number an improvement but it’s still nowhere near good enough and highlights that many firms are still not ready for data breaches – before and after – potential incidents.

52% of U.S. firms have committed to having such a response plan in place. The blasé attitude is even more apparent, as only 49% of firms said they would expect this position to improve in the next year.

Some form of monitoring

Although there is a lack of response plans in place for many firms, the study found that 63% of firms have monitoring, scoring and reporting services implemented, and 71% of firms noted that their cyber-security is reported at managerial board level. This insinuates some level of importance placed on cyber-security.

Importance of cybersecurity

Cyber-security is very important for everyone. For smaller companies it could completely destroy the company, and for larger companies it could impact thousands of people. Andrew Kellet who conducted the research for Ovum reiterated the importance of protecting your company:

“A data breach can be a make-or-break moment for a company. Your speed of response and your ability to maintain your customers’ trust determines the extent of both financial and reputational loss. If you haven’t tested your response plan, you are putting your firm at greater risk.”

Many firms are doing it…

According to a U.K. government survey undertaken by PwC in 2015, 90% of large organisations and 74% of small-medium enterprises reported a security breach. This led to an estimated total fine of £1.4 billion. The statistics show that 9 out of 10 large organisations and over 7 out of 10 smaller organisations have been subjected to a data breach. This means that the vast majority of organisations aren’t properly prepared when it comes to their cyber-security approach. There may be many reasons why including insufficient training of staff, administrative errors, not encrypting sensitive data, etc.; the list could go on.

Fines

The Payment Card Industry Security Standards Council (PCI SSC) warned that if U.K. companies don’t get their act together, they could face up to £122 billion in penalties for data breaches. The PCI SSC warning comes as the EU General Data Protection Regulation (EU GDPR) are set to be enforced from 25^th May 2018.

With the EU GDPR coming into force in less than a year’s time, organisations need to be aware that if they don’t sort out their cyber-security quickly, there will likely be financial penalties. The maximum fine imposed could be €20 million (£17.7 million) or 4% of the company’s annual worldwide turnover; whichever is the greater amount. This should be a strong deterrent and a kick-up the backside for organisations to take their cyber-security seriously.

The proposed penalties can be far greater than the current maximum Information Commissioner’s Office (ICO) fine of £500,000.

U.K. government reportedly breaching personal data at least once an hour

Several mainstream apps pay $5.3 million settlement for illegally accessing iOS users’ contacts list