Skip to main content

Cyber-security not a priority for UK businesses

Despite the constant warnings experts keep giving out to businesses concerning cyber-security, UK's firms won't be prioritising it in the next 12 months.

This is according to a new quarterly survey by Close Brothers. Its key takeaway is that 63 per cent of companies decided not to invest in better security, while the other 37 per cent decided to do so.

The biggest problem with these results is that they show how UK’s businesses are not in line with the upcoming GDPR (General Data Protection Regulation). The GDPR, kicking off in mid-2018, will dictate how companies use and share their customers’ data, as well as set up certain cyber-security standards.

“Businesses of all sizes should be aware of their responsibility when it comes to protecting customer data,” said Ian McVicar, Managing Director, Close Brothers Technology Services. “Keeping customers’ details safe are at the core of the EU’s new data protection legislation, General Data Protection Regulation (GDPR), which was adopted in April 2016 and takes effect within two years.”

“It is intended to strengthen and unify data protection for individuals within the EU and the penalty for non-compliance, which is up to 4 per cent of annual revenue or €20 million, whichever is the higher.”

The majority of UK’s firms (57 per cent) are worried about cyber-crime, while 36 per cent aren’t. Less than half (41 per cent) feel adequately protected, and 17 per cent are ‘unsure of their levels of protection’.

More than a fifth (21 per cent) ‘haven’t had time to look into it’, even though they know it’s an important issue. Another 21 per cent don’t think it’s an issue for their business.

More than half (51 per cent) said they had data breach policies around the use of email, internet and mobile devices. More than a third (38 per cent) said no, and 11 per cent were unsure.

Adam Palmer, Director of International Government Affairs at FireEye commented: “The EU NIS directive will have a fundamental impact on the way that most organisations in European Union member states implement security policies and report breaches. Organisations of all sizes will now need to adopt mitigation measures that will manage risk stemming from zero-day exploits and never-seen-before malware as these attacks constitute the majority of advanced attacks in today’s threat environment.

"In the wake of Brexit, in practical terms UK organisations should, of course, still look to be compliant with this new European legislative measure. Baring in mind that the timeline for UK withdrawal from the EU is at least two years it will be expected that the UK comply with the new law, which will come into effect in May, 2018. Timeframes aside, in future the UK will still be subject to this legislation where UK companies process EU citizens’ personal data in connection with their offer of goods or services, or if they provide "monitoring” activities. The same applies if a group company is located in the EU or have staff operating within any EU member state.

"Long-term, the UK will need to ensure it finds a way to be considered as a country with an adequate level of data protection, so that neither data storage or data transfer will prove problematic."

Image credit: Norebbo/Shutterstock