FEATURE INSIGHT
As the threat of cyberattacks on UK businesses increases, freelance writer and editor Kavitha Sivasubramaniam looks at the role of employers in ensuring that company data is adequately protected Safe and secure
A s one of the leading criminal threats to the economy, a cyberattack is an offensive strike against computer networks or systems, usually anonymously released from one or more computers. Malicious code is used to target and compromise data, resulting in cybercrimes including identity and information theft. The Cyber Security Breaches Survey 2017 (https://bit.ly/2pFfADc) from the Department for Digital, Culture, Media and Sport revealed that just under half (46%) of all organisations have identified at least one cyber security attack or breach within the last twelve months, including 38% of micro- firms, 52% of small companies and 66% of medium-sized firms. Cyberattacks happen every day, both on a personal level and at an organisation level, and according to government research more than half (54%) of the UK’s biggest 350 companies now identify cyber threats as a top risk to their business. Despite this, the FTSE 350 Cyber Governance Health Check Report 2017 (https://bit.ly/2wgwMoR) further revealed that more than two-thirds (68%) of boards had not received training to deal with a cyber incident. The aforementioned annual report, which provides insight into how the UK’s largest firms deal with cyber security, also found that one in ten function without a response plan in place to deal with a cyber incident and less than a third (31%) of boards are
three types of attacks: ransomware attacks; exploitation of websites through known vulnerabilities; and misconfiguration of IT networks. “Large businesses currently go to great lengths and costs to protect their systems and data. Any breach of their data would be costly, damaging to their brand and reputation and would have knock on implications for their employees or customers,” says Paul Rains, director at Transact HR Ltd and business partner for the People Solutions Company. For employers, their key concerns will be, data theft, potential disclosure of personal data, loss of access to data, loss of use of data and damage to data. Rains says: “Without the ability to process accurate data businesses will fail. They will fail to pay their employees, fail to pay their creditors, fail to collect money owed from their debtors and fail to pay their taxes. Threats could also damage or stop business websites, email systems and local/wide area networks.” Worryingly, a survey of more than 1,000 respondents commissioned by IT products, managed services and solutions provider Probrand found that British firms are not performing basic tasks that could make their company data more secure. For example, less than a quarter change passwords for key online accounts and services when an employee leaves employment – meaning
provided with comprehensive information about cyber risks. ...one in ten function without a response plan in place to deal with a cyber incident... The cost of crime With estimates suggesting cyberattacks could be costing UK companies billions of pounds each year, there is no doubt that cyber security should be a key consideration for any business in order to identify areas of exposure that could potentially be exploited. “Ensuring an organisation has a strong security posture is now the cost of doing business and increasingly organisations are required to demonstrate their posture while operating as part of a supply chain or tendering for new contracts. This is even more evident within the revised data protection regulation, when operating as a controller or processor of personal data,” explains Andrew Collins, chief operating officer at Omnicyber Security, provider of cyber security and online compliance. Key threats Omnicyber Security’s incident response team are most commonly required to address
| Professional in Payroll, Pensions and Reward | May 2018 | Issue 40 40
Made with FlippingBook - Online magazine maker