Nearly two-thirds of UK organisations complacent about protecting customer data
New Kaspersky study investigates magnitude of ’cyber-complacency’ across British businesses
• Just under three-quarters of businesses agree that being perceived as ‘cyber-complacent’ would be damaging to their business • More than two-thirds of businesses are concerned they will lose customers following a breach • Over half of UK organisations surveyed do not have a cybersecurity policy in place
A new Kaspersky study has lifted the lid on the scale of cyber-complacency amongst UK businesses. Alarmingly, nearly two-thirds (65%) of IT security decision-makers agree that their organisation is complacent about the protection of its customers’ data. The study revealed that many organisations are failing to take the necessary steps to prevent data breaches, despite many respondents acknowledging they would impact revenue and customer trust.
In an ever-evolving cyberthreat landscape, there is great pressure on those tasked with maintaining IT security to put in place policies and solutions that keep organisations and the data they hold secure. Alongside the threat to privacy, the financial risk for businesses is immense, with data showing the average cost of a data breach now to be around £3 million per incident.
Despite the inherent risks of being complacent, many IT security decision-makers are failing to implement effective measures to protect customer data from cyberattacks. For instance, more than half (57%) say they do not currently have a cybersecurity policy in place – rising to more than two-thirds (71%) of medium-sized businesses (250 to 549 employees). Just four-in-ten (41%) businesses surveyed believe their organisation is protected with robust endpoint security.
Alongside security, consumer confidence is vital to the growth and maintenance of increasingly interconnected businesses. The majority of IT security decision makers (69%) are concerned they would lose customers following a data breach, while 74% of survey respondents believe that being perceived as cyber-complacent would be damaging to business.
However, this concern is not translating into appropriate action, with cyber-complacency having an affect on the regularity of risk assessments carried out by UK businesses. With the nature of threats constantly evolving, Kaspersky recommends that companies conduct a cyber-risk assessment at least every six months to ensure policies and safeguards are up to date and fit for purpose. As shown in a recent Kaspersky report –The true cost of cyber-complacency: UK businesses cannot afford failure when protecting customer data – only 38% of respondents in this new survey do this in practice, making it unsurprising that almost half (47%) experienced at least one cyberattack in the last 24 months.
“Being complacent with cybersecurity, and customer data, can be incredibly costly. Along with losing sensitive information, a data breach affects business revenues, customer confidence and reputations,” comments David Emm, Principal Security Researcher at Kaspersky.
“There have been many examples in recent years of household brands suffering data breaches, showing that even the most renowned businesses are at risk. For many organisations, the ramifications of a breach could be irreversible. This is why we urge business and organisations of all sizes to adopt robust cybersecurity policies, taking expertise where needed to ensure they have the best preventative measures in place.” With 61% of IT security decision-makers thinking it is likely that their organisation will face one or more cyberattacks over the next two years, Kaspersky recommends the following advice to help protect organisations:
• Conduct regular cybersecurity assessments to review policies and services – ideally every six months • Invest in and regularly update robust endpoint security solutions that offer effective protection against the latest cyberthreats • Organise frequent cybersecurity training for IT staff, so they are aware of the organisation’s policy and solutions.