The Institute of Directors has warned that UK businesses are facing a new wave of cyber risk, and that without concerted action there will be more to come. The warning comes in a new report published today by the IoD, called "Cyber security: Ensuring business is ready for the 21st century", which has been produced in collaboration with Barclays.
Among the headline findings is the worrying news that, despite a number of high-profile cyber-attacks over the last year, “more than a third (37%) of IoD members lead or work in organisations without a formal cyber security strategy, and worse still, in the event cybercrime was to hit their business, 40% would not know who to report it to.”
‘We have to go further’
Despite the best efforts of business, government and industry bodies to position the UK as a leading digital player, Stephen Martin, Director General of the Institute of Directors, said that cyber preparedness had not kept pace.
“The UK is a leader in the digital economy, but if we are to build on our existing strengths and capitalise on new technologies, we have to go into the future with our eyes open to the risks. This report has revealed that business leaders are still putting cyber security on the back burner. The results, even for small and medium-sized businesses, could be catastrophic.
“With threats evolving all the time, and demanding new regulations just around the corner, we cannot afford another year of complacency from business. Now is the time for firms to test their defences and make sure all of their employees, including management, have the right skills and knowledge on cyber security. This isn’t an IT issue, it’s a business survival issue.”
‘A perfect time to consider training needs’
One of the key planks in the government’s strategy to tackle this problem is training – with apprenticeships a central element in that. Arch Apprentices chief executive Jason Moss, whose business leads the UK in the provision of tech apprenticeships, says the imminent introduction of the Levy offers the perfect opportunity for firms of all sizes to get themselves up to speed.
“The government’s commitment to investment in cyber and digital training got a real boost with the Levy, so now is the perfect time to consider your training needs in this area. The fact that the IoD report shows that only 44 per cent of companies have laid on cyber awareness training, and many leave gaps of more than a year between their training programmes, shows that much more needs to be done.”
Several major organisations, including the MoD and BT, have recently announced large-scale investment in cyber apprenticeships, and the standards under which they are delivered are now among the most popular of all apprenticeship schemes.
Top of the list among the IoD recommendations is the need to invest in training. It also recommends:
- Prepare for the new European General Data Protection Regulation (GDPR) – understand what it means for your business and how you can prepare.
- Ensure your directors and board members are trained on the business risks of cyber security.
- Run an attack simulation with senior management to ensure your processes are suitably robust in the case of an attack.
- Ensure all your staff have regular cyber awareness training, build it into induction processes, and ensure your people are a robust and secure first line of defence.
- Regularly scrutinise your cloud and server suppliers to ensure their processes are up to date.
- Investigate whether you need cyber insurance, and whether it is already covered by any IT disruption policy.
- Incentivise employees to spot false invoices or emails, and encourage honesty when a human error has been made.