A survey undertaken by records management company Crown Records has revealed the depth and breadth of the cyber security problem faced by UK businesses. The report, which was conducted in cooperation with Censuswide, shows that more than 50% of firms in UK cities have lost valuable information. With some locations suffering vital data loss from as many as 93% of their local businesses.
It is no secret that companies worldwide regularly suffer from cybercrime. Earlier this year British mobile telecoms company the Carphone Warehouse lost sensitive personal information pertaining to 2.4 million customers. Last December entertainment and technology giant Sony, suffered its well-publicised breach – during which it lost sensitive data and had its film The Interview leaked.
In July of this year Italian firm Hacking Team (which sells surveillance software to government agencies) was itself the victim of a severe cyber attack. During that particular hack, the company lost both sensitive information and its sophisticated surveillance suite (which was also leaked to the Internet).
Of course, most people are aware of the Ashley Madison hack that took place this year. In that attack, the log on details and account information of 33 million peoples’ extramarital affairs was leaked online.
Now, the recent survey undertaken by Censuswide and Crown Records is adding to the alarming worldwide rhetoric about cyber security. Revealing that data loss in UK businesses is occurring at a much more alarming rate than perhaps previously understood.
The survey was given to IT decision makers at UK companies with over 200 employees, focussing specifically on people working in Facility Management. Of those companies questioned: 70 percent had suffered data loss in retail; 55 percent had suffered losses in the Insurance sector, and 60 percent had been breached in the Banking and Pharmaceuticals industries. If those stats seem high, alarm bells should sound considering that a fifth of those companies suffered data breaches four to six times – with 8% suffering losses a staggering 10 to 12 times.
Newcastle (located in the North East of England) is a city that has seen a massive boom in its IT sector – with significant growth in businesses offering cloud-based services. Frighteningly, stats accumulated by the survey reveal that 93% of companies in that area have suffered data loss.
Although Newcastle was found to be at the extreme end of the scale, the survey did also reveal that 56% of firms in Plymouth and 53% of enterprises in Glasgow had also suffered losses – acknowledging that it is a nationwide problem.
Speaking about the unusually high stats in the North East of England, Ann Sellar from Crown Records Management said,
‘These survey results should be a wake-up call for businesses in Newcastle because the importance of protecting customer data is higher than ever. This is not only because of potential fines for data breaches – which will soon increase when the EU General Data Protection Regulation is ratified – but also because of growing public awareness.’
‘It takes on average 20 years to build a reputation, but just five minutes to ruin it with a data breach and then up to two years to rebuild it. So businesses need to look at the way they protect their information, understand where the threats are and start putting robust processes in place to protect their customers’ she added.
Interviewed Yesterday on CNBC, the CEO of Palo Alto Networks, Mark McLaughlin, said that it was important for companies to keep on top of antiquating (and weakly implemented) security systems based on ‘cobbled together’ legacy technologies. During the interview, McLaughlin explained that relying on cybersecurity insurance as a ‘safety net’ had already become an unrealistic way for corporate executives to handle the problem.
Explaining why insurance is no longer an efficient solution, McLaughlin touched upon the issue of rising costs, which he says has seen insurers massively raising premiums to deal with the alarming rise in cyber-attacks,
‘The reason you can’t get insurance policies that actually pay out or get them at reasonable rates is the insurance business knows how to manage risk, right? They have no idea what this risk is here, the magnitude or what to do about it.’
With insurance companies deciding to raise deductibles and implement payout limits of $100 million many firms are leaving themselves exposed to possible huge losses, which could cost them far in excess of that payout. Target, for example, suffered losses of $264 million during its 2013 cyber security breach: revealing the danger faced by at high-risk companies.
Recent comments made by Tracie Grella (head of professional liability at top insurer American International Group) have only served to reinforce McLaughlin’s point. Talking about the hardship companies now face when trying to get insured she said ‘we have turned clients away.’
With this year’s annual Ponemon Institute study revealing that the average cost of cyber security (for large US firms) is up 82% from six years ago. Crown Records’ survey showing the alarming extent of cyber crimes in the UK, and the constant barrage of information about hacking that is in the press every day, is it any wonder that ‘cybercrime’, ‘digital privacy’, and ‘Virtual Private Networks’ (VPNs) are the go-to buzzwords of 2015?