Only 21% of businesses in the UK are aware of the government’s cyber security standard which was published in 2013, signifying a lack of knowledge of government initiatives among small and large businesses.
Only 13% of small and large businesses have knowledge of the NCSC’s ‘10 steps to cyber security’ programme, which was launched with much fanfare last year.
The latest Cyber Security Breach Survey 2017 published by the Department of Culture, Media & Sport has revealed the true state of businesses’ awareness about the government’s cyber security initiatives, guidelines, programmes and standards. This lack of awareness paints a bleak picture of their preparation for the upcoming GDPR regulation which is expected to raise the costs of non-compliance significantly.
The survey revealed that only 21% of businesses across the UK are actually aware of the government’s cyber security standard which was published back in 2013. While 57% of large firms are aware of the standard, only 17% of small firms are.
Last year, the National Cyber Security Centre launched its new ‘10 steps to Cyber Security’ programme, which was aimed at helping businesses follow a few essential steps to guard against potential cyber-attacks and phishing attempts from cyber criminals.
To help small businesses strengthen the cyber security of their systems and websites, the government also offered an ambitious Cyber Essentials scheme with the aim of helping companies strengthen their IT systems, implement the latest cyber security practices and effectively handle and protect customer data. To incentivise the adoption of the scheme, the government said that businesses not completing the programme would not be eligible to compete for government contracts.
However, despite the government’s efforts, only 13% of businesses have knowledge of its ‘10 steps to Cyber Security’ programme, thereby defeating the purpose of the programme.
According to data obtained by security research firm Corero through a Freedom of Information request earlier this year, as many as 39% of critical infrastructure organisations in the UK, including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers, and transport organisations, have also not completed the government-mandated ‘10 Steps to Cyber Security’ programme.
Recently, a report released by the British Chambers of Commerce also revealed that only 10% of sole traders and 15% of firms employing one to four employees had signed up for the Cyber Essentials scheme.
However, it would not be wise to blame businesses alone, as lack of cyber awareness as well as lack of implementation of cyber security programmes is a widespread phenomenon.
Information obtained by Digital Health Intelligence via Freedom of Information requests has revealed that among 281 local authorities in the UK, almost 60 percent do not have a cyber security strategy in place to ward off cyber threats.
A majority of local authorities do not have concrete plans on how to protect their IT systems from cyber attacks even though at least one in every five authorities has suffered a cyber attack in the past 12 months.
Data obtained by M-Files also revealed that as many as 76 percent of 32 London boroughs and 89 percent of 44 other local authorities have not allocated budget to comply with the GDPR and that more than half of all local authorities have not appointed Data Protection Officers, which is also mandated by the regulation.