A recent report from the UK Government and Home Office has revealed that the UK’s top companies are not accounting for cyber risks when making strategic decisions, with only 14 per cent of firms putting in processes to address cyber threats. As a result, the Government is working to develop an official ‘cyber standard’ which will help stimulate the adoption of good cyber security practices amongst business.
Bain applauds the efforts of the UK Government in tackling cyber risks, as well as helping businesses to better protect themselves but ultimately feels more needs to be done:
“The results from the UK Government’s survey paint a very bleak yet unsurprising picture when it comes to attitudes towards cyber security. Unfortunately, a lot of organizations are very arrogant when it comes to the idea of cyber risk – they believe they are untouchable, and in the event they are breached, attacks are not being reported, therefore pulling the wool over the eyes of customers into thinking everything is fine.
“Recently, we saw the example of Adobe having 38 million customer accounts breached – that is a staggering number and for a company of Adobe’s size and stature, this is simply not acceptable and it is the customer which suffers.”
Bain continues: “Ultimately, a lack of transparency and lack of information about incidents makes it incredibly difficult to understand the overall impact, root causes and possible interdependencies of cyber attacks and breaches. Hacking, cyber criminals and security breaches are not going to go away and those organizations who continually turn a blind eye to threats or simply brush the fallout under the carpet and stay hush-hush, benefit no one and are incredibly foolish.
“The efforts of the Government are commendable and I’m sure that a set of standards can only bring about a positive change but forgive my skepticism as I believe we’ve seen this all before. In 2010 the Government committed £650m towards a cyber defense strategy and you’d hoped that this would resonate into the private sector but clearly this is not the case.
“In order for cyber crime to be taken seriously, unfortunately it would seem to be the case that someone needs to be made a serious example of. Serial offenders need to be named and shamed publically with severe consequences attached, whether it is in the form of significant fines or prosecution but one thing is for sure, the current attitudes need to change,” concludes Bain.