UK SME’s are said to be at risk of 65,000 cyber-security attacks every day, & circa 4,500 of these are successful, but the figure could be much higher since the onset of Covid-19!
The findings come from a new report by global recruiter Robert Walters & data provider Vacancysoft – Cybersecurity: Building Business Resilience, which observes that the cost of data breaches to UK companies is roughly £2.48 million per case.
- 65,000 cyber security attacks on UK SMEs daily.
- 4,500 are successful.
- Data breach costs UK companies £2.48m per instance.
- 44% of public would not use brand again if their data were to be breached.
- 48% of UK companies do not have adequate cyber-security to support home working.
Online retail is at risk
Nearly half of consumers (44%) have claimed that they would stop using a company online if they were to be breached during a cyber-attack. Worrying news for many retail & service operators, who have moved their business-models to be more online-orientated to respond to the widespread lockdown rules.
In May 2020 alone, e-commerce increased by 168%, & currently represent 27.5% of total retail sales for 2020, & this is expected to increase to a 3rd (32.1%) of all retail sales by 2024.
“Cyber-attacks rose to an all-time high in the last few years causing a great deal of media attention.
As the general public became increasingly aware of personal data & privacy issues – including the introduction of GDPR – cyber-security increasingly became a ‘differentiator’ for brands in a market where customers demand more transparency,” Darius Goodarzi, Principal – Information Security & IT Risk at Robert Walters, said.
Apple & Whatsapp
“The tech industry has set the tone, with brands such as Apple & Whatsapp putting security at the centre of their marketing message.”
“For e-commerce, on the other hand, the pace at which the sector grew during Covid-19 raises questions as to whether their cyber-security has been up to par with the sharp increase in traffic to online sites,” Goodarzi observed.
“With consumers being hyper-sensitive about their personal information in a rapidly evolving digital world, e-commerce sites cannot afford to lose the trust of customers in what is becoming a very competitive space.”
It seems the industry has started to face-up to responsibility, with cyber-security job vacancies within the Consumer Goods & Services sector increasing by 17% in just 12 months.
Ill-prepared for remote working
Severe lockdown measures literally changed businesses working practices overnight. Just 11% of UK businesses stated their entire workforce were able to work remotely pre-lockdown, but this increased to 70% when lockdown started, with the most white-collar business being able to adapt to remote-working in less than a week.
Of 70% who were able to convert in under 7 days, over half (53%) of these firms in the UK were able to move their staff to remote working in under 2 days. Although given little notice, 71% of staff said the relocation to homeworking was ‘joined-up’.
However, it appears little consideration by the govt. was given to the vulnerability of IT & Cloud security when businesses were informed they must enforce remote working.
In fact, half of companies (48%) admitted that they do not have adequate cyber-security provision to maintain a 100% remote-working model.
While industries have committed to up their game, & it is predicted that the current £68bn spend on cyber-security will need to be at least doubled to cope with the new working.
During rapid, non-legislated change, the issue is about where accountability is regarding data breaches. Nathan Tittensor, Director at i3Secure, a UK-based Cyber Security & Data Protection consultancy, believes that some sectors are ready for disruption in the context of security.
“After e-commerce, the next industry which we suspect will be looking at their security posture is the legal sector in particular law firms. Whilst the legal sector deals with high volumes of confidential information, they have never been mandated to have certifications around security,” Tittensor cautioned.
“Although we are starting to see firms achieve certifications such as ISO 27001 to demonstrate they have robust practices and enhance customer trust, it is remote working that has really shone a spotlight on the sector and they should act fast before it is faced with the consequences of personal information being mishandled when not on-site in offices.”
Banks have become a ‘role model’ for security
Due to a high level of regulation placed on the banking & financial sector, the industry maintains a top position for IT security standards.
Cyber-security hiring in recent years have been driven largely by the need to facilitate secure open banking & deter automated fraud, & threat detection.
“For the more mature financial institutions who have sufficient IT-security talent onboard it is not surprising to see the resilience the sector has had against Covid-19 related cyber threats – warranting a freeze in hiring,” Ajay Hayre, Senior Consultant Technology at Robert Walters, commented.
“However this has truly been the year for fintechs, who have increasingly been stepping into the space of traditional banks & playing an active role in the government bailout scheme, as well as obtaining licences to be able to deliver traditional banking services such as direct debits & overdrafts.”
The urgent need for this sector to protect data in transit or in the cloud has led to an increase in cyber-security recruitment of 37% since 2018. “If fintechs follow the ‘gold standard’ of their older, more experienced ‘siblings’, traditional banks & financial service institutions, then their security protocols will not be of concern.”