Brian Sims
Editor
Brian Sims
Editor
THE SECURITY Awareness Special Interest Group (SASIG) has again reiterated the need for improved real-world cyber resilience within businesses to protect themselves from the ongoing prevalence of cyber attacks. The organisation’s pronouncement follows the publication of the latest Government Cyber Security Breaches Survey, which finds that 39% of UK businesses have experienced a cyber attack in the past 12 months (the same percentage, in fact, that was unearthed in last year’s study).
The most common form of cyber attack was phishing attempts (83%), although of the 39% of businesses mentioned, around one-in-five (21%) identified a more sophisticated attack type such as a Denial of Service, malware or ransomware-focused episode.
Within the group of organisations reporting cyber attacks, 31% of businesses and 26% of charities estimate that they were attacked at least once each week and one-in-five businesses (20%) and charities (19%) say they experienced a negative outcome as a direct consequence of each cyber episode.
Issue for the business community
Martin Smith MBE, founder and chair of the SASIG, said: “It’s clear from these latest Government findings that cyber attacks are still very much an issue for British businesses, be they small or large in scale. The findings illustrate that the impacts of these attacks are operational and financial, with the estimated average cost of attacks in the last 12 months amounting to £4,200 and rising to £19,400 when looking specifically at medium and large-scale businesses. The Government itself admits that these figures are also probably underreported, which is extremely worrying.”
Smith went on to comment: “While many businesses are working to prevent such attacks and put plans in place to deal with them when they do occur, it’s abundantly clear that more work needs to be done in this area.”
The survey has identified key areas of weakness, which include the fact that almost half of businesses (46%) had not taken action to identify cyber security risks in the past 12 months. There are broader supply chain issues in terms of cyber security and a lack of understanding of cyber risks at Board level.
Smith concluded: “Threats are constantly evolving, so it follows that having clear and concise cyber security procedures that are respected and adhered to business-wide is going to be key for building robust resilience.”
Real-world resilience
Real-world cyber resilience is the overarching theme at ‘Big SASIG’, the one-day cyber security conference set to be run by the SASIG on Wednesday 25 May in central London.
The format of ‘Big SASIG’ allows delegates to engage directly with their peers, SASIG partners and security vendors and proved hugely successful in 2021.
‘Big SASIG 2’ takes place at 155 Bishopsgate and will unite the cyber security community in a face-to-face scenario. There’s no charge to attend.
*Delegate registration for ‘Big SASIG’ is available online at https://bigsasig.com