Written by Mark Williams

The Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2018 is a survey of 1,519 UK businesses and 569 UK registered charities.

If its findings accurately reflect the bigger picture, a staggering 43% of UK businesses and 19% of charities experienced a cyber security breach or attack in 2017. For large businesses and charities, the figure rises to almost 75%.

Although, according to the survey, 74% of businesses and 53% of charities say cyber security is a high priority, only 27% of businesses and a 21% of charities are believed to have a formal cyber security policy.

Risk analysis

According to the survey report, most businesses and charities are “reliant on online services, which exposes them to cyber security risks”. Furthermore: “Breaches were more often identified among organisations that hold personal data, where staff use personal devices for work (known as bringing your own device or BYOD) or that use cloud computing”.

The report says that where breaches have resulted in lost assets or data, “the financial consequences have been especially significant”. The average cost of breaches for a business was calculated to be £3,100 (£22,300 for a large business) and £1,030 on average for charities.

To help mitigate risk, the report recommends that organisations “do [more] around training and awareness raising, documenting risks and adopting good-practice technical controls to better protect themselves”. Organisations were recently being warned to be careful, because malicious faxes were reported by the BBC to “leave firms open to cyber attack”, with connected fax machines offering a way for “malicious hackers to sneak into corporate [computer] networks”.

Sources of free advice

The Federation of Small Businesses (FSB) has published its top five cyber security tips for small businesses, covering everything from choosing stronger passwords and using “two factor authentication” (ie “adding an additional layer of security to accounts or transactions”) to securely backing up data, updating software regularly and restricting system/software access/users.

The FSB says businesses should also raise awareness of cyber threats via training and testing, while “encouraging vigilance from all employees”. It also recommends having IT/cyber security policies that “outline acceptable actions for your employees when in the workplace or using company equipment”.

The government worked with the Information Assurance for Small and Medium Enterprises consortium and the Information Security Forum to develop Cyber Essentials – “a set of basic technical controls to help organisations protect themselves against common online security threats”.

Cyber Essentials

The government says Cyber Essentials is “suitable for all organisations, of any size, in any sector”. It is intended to help your business to “guard against the most common cyber threats and demonstrate your commitment to cyber security”. Backed by the FSB and the CBI, businesses can gain one of two Cyber Essentials badges (ie basic or Cyber Essentials Plus certification).

The Cyber Essentials website (created by the National Cyber Security Centre, part of GCHQ) offers “five technical controls that you can put in place today – explained without jargon” to help you to mitigate cyber attack risk. The National Cyber Security Centre has also published a library of cyber security guidance for small businesses.

Get Safe Online (“the UK’s leading source of unbiased, factual and easy-to-understand information on online safety) is another free source of advice, including free-to-download leaflets on a range of key cyber security topics.

With cyber crime reported to be an ever-increasing problem for businesses great and small, it doesn’t pay to take chances. Better to be safe than sorry.

Mark Williams is a freelance editorial consultant, writer and SME content specialist with over 25 years' experience.  He contributes to The Guardian Small Business Network and planned and wrote the Start Up Donut website.  As well as award-winning magazines and websites, his writing has featured in national newspapers and Sunday supplements.