Why many UK businesses still aren’t cyber ready

Recent UK government research shows that just under half of all businesses aren’t seeking advice on cyber security threats

While 69% of businesses in the financial sector sought advice in the last 12 months, a quarter of all large and medium-sized businesses and 39% of small businesses chose not to seek external information or guidance.

This comes at a time when almost one in three businesses suffering attacks, say they now experience breaches or cyber attacks at least once a week.

But if attacks are becoming more frequent, why aren’t more businesses being proactive and seeking advice on protection?

Too many businesses take a reactive approach

As we know, the impact of a cyber attack is significant, from the downtime of systems and loss of data to the huge financial cost to repair your network and the considerable damage to your reputation. In fact, the mistrust of a business as a result of losing customer data is often so damaging that it can lead to loss of customers and sales. While many businesses take a reactive approach, to protect yourself, you need to be proactive in boosting your security defences, otherwise, you’re leaving it too late.

Cyber security seen as a cost not an investment

Unfortunately, too many businesses see cyber security as a cost rather than an investment, preferring to risk relying on ‘off the shelf’ security packages and do it all themselves rather than seeking external help and investing in the highest level of security. But there’s no quick fix solution or corner cutting when it comes to cyber security, businesses need to speak to the experts and invest wisely. After all, cyber security protection is an investment in the future of your business.

Proactive solutions

While cyber attacks often happen due to simple negligence such as employees clicking on phishing emails, the use of easy-to-crack passwords, lack of two-factor authentication or accessing work emails and systems through a public WiFi, these issues can be easily avoided. Work with the experts to ensure you have clear work policies in place for remote working and using two-factor authentication, ensure employees read their emails carefully and avoid clicking on malicious links and implement password managers to improve password security.

If you’re an SME, make sure you have cyber policies and practices in place from the very beginning, rather than developing them as you go. The National Cyber Security Centre (NCSC) offers support with its government-backed certification Cyber Essentials designed to help businesses guard against the most common cyber threats. It also provides reassurance to your customers that you have a certain level of protection.

Tightening up supply chain security

But even if you’ve invested sufficiently and tightened up the security measures across your network, cyber attacks via suppliers pose an even bigger threat to businesses. With a four-fold increase in supply chain attacks in 2021, you simply can’t afford to take security risks. Instead, make sure you work with a vendor risk management service or expert to identify the high risk suppliers who you share sensitive data with, analyse their security maturity and then take the required action to ensure your data is safe. By ensuring the integrity, availability and confidentiality of your data across your entire supplier network, the likelihood of your business being attacked, will be much lower.

Be prepared for the future

As cyber security risks increase in frequency and severity, all businesses, whatever size or sector, need to seek expert guidance and be proactive when it comes to improving cyber security protection across their network as well as among suppliers who have access to their sensitive data. There’s simply no way around it. If you wait until you’ve been hacked, your business could be knocked out for days or even weeks, disrupting your operations and bringing you to a complete standstill. Not to mention the financial and reputational implications. Overall, the damage could be limitless, it’s simply not worth the risk.


About the Author

Jonathan Wood is CEO at C2 Cyber. At C2, we empower organisations to survive and thrive through the provision of best-in-class risk intelligence. We are focussed on risk analytics for information assurance, privacy and ESG. 

Featured: ©Gorondkoff