18 September 2014

Businesses still underestimating cyber security threat

Survey reveals worrying lack of cyber security protection in place

Law firm Mishcon de Reya has today published the results of a YouGov survey of 200 senior decision makers in large businesses, revealing a worrying lack of understanding of cyber security. The survey suggested that many businesses are woefully under-prepared and ill-protected against what is becoming a more frequent and increasingly sophisticated threat.

The YouGov poll shows that:

  • More than a fifth (21%) of the senior managers surveyed do not know if their business has a plan in place to respond to a cyber-security breach.
  • Nearly a fifth of respondents (16%) admitted to being not very confident or not at all confident that their supply chain is protected, while 7% said that they didn’t know.
  • One fifth (20%) of the senior managers surveyed said that their business does not have a plan in place for if their business' supply chains cyber-security is breached, with a further 32% saying that they don’t know, suggesting that more than half would not know how to respond if their supply chain suffered a breach.
  • Nearly a fifth (17%) do not think that their employees are adequately informed about cyber-security threat, with 19% stating they could not agree or disagree that they are. Only 17% were confident enough to 'strongly' agree that their employees were adequately informed. This degree of uncertainty could leave a number of businesses open to cyber-attack.

The issue provoked a lively debate at the Annual International Fraud Group panel discussion on digital security, hosted by Mishcon de Reya and chaired by Sir John McLeod Scarlett KCMG OBE Chief, Secret Intelligence Service (MI6) from 2004-2009. Panellists at the event, which took place on 22nd May, included Charles Farr OBE Director of the Office for Security and Counter-Terrorism, Home Office; Dr David Bailey CTO, Cyber Security at BAE Systems Applied Intelligence; and Dr Ian Brown Senior Research Fellow and Associate Director at the Oxford Internet Institute. They discussed the growing threat of cybercrime, the best approach to tackling it, and the need to balance the opportunity that digital innovation presents for businesses with the inevitable risk that comes with it. They reiterated that all companies should be prepared for a cyber-attack, as responding rapidly is key in the event of data theft, and agreed that business needed to join forces; through sharing knowledge, companies will be best equipped to deal with this threat.

To help its clients to better understand cyber threats and the risks that digital criminality presents to their businesses, Mishcon de Reya is now collaborating with security experts at BAE Systems Applied Intelligence. Mishcon and BAE Systems Applied Intelligence can assess a client’s level of security, provide recommendations and enable the swift recovery of data should a breach occur. They will also help businesses understand their regulatory obligations so that they don't face the increasingly severe sanctions for not having the right security practices in place to protect customer data.

The annual Verizon Data Breach Investigations Report (DBIR), published earlier this year, ascertains that the state of play and trends in data breaches, illustrated the scale of the problem. This year's report considered 1,367 data breaches and 63,437 security incidents across 95 countries. Mishcon de Reya worked with Verizon as it prepared the report, providing key data based on an analysis of 150 of the Firm's data cases.

Commenting on the work with BAE Systems Applied Intelligence, Gary Miller, Head of Fraud at Mishcon and co-founder of the International Fraud Group said: An organisation’s information is its most valuable asset; huge amounts of time and resource are invested in creating it. It is therefore very worrying to find so many businesses failing to effectively protect it. Breaches of digital security carry a serious financial and reputational risk which can irreversibly damage share prices, investment opportunities and community standing. At a time when cyber hacking is becoming more sophisticated and more frequent, it is critical that businesses see cyber as a Board level responsibility and have the necessary systems and protection in place.

Dr David Bailey, CTO Cyber Security at BAE Systems Applied Intelligence, continued: Cyber crime is increasingly pervasive with attackers using ever more sophisticated techniques to target their victims and cause significant damage to business, governments and whole economies. Exposure to such attacks is now an intrinsic component of being part of the connected world, a world that businesses must participate in to be successful. The continual emergence of new threats and techniques means that it is vital to be prepared, have agile security in place to detect and respond to threats and to identify the necessary steps to ensure that information is protected in law. Mishcon de Reya is known to be the expert in protecting and recovering data and guarding and rebuilding reputations, whilst BAE Systems has protected governments’ and business’ critical information for over 40 years. It is therefore a logical decision to work together to help businesses better understand the nature of the cyber threat.

To read more about this on SC Magazine, please click here.