Businesses are at risk of “sleepwalking into a reputational time bomb” because they lack awareness of how to protect their data assets.
This is according to new research by the British Standards Institute (BSI), an organisation responsible for setting high business standards.
BSI urges UK companies to strengthen security systems to protect themselves and consumers as cyber hackers become more sophisticated and complex in their methods.
According to its survey of IT decision makers, cyber security is a growing concern, as 56% of UK businesses are more concerned than they were 12 months ago.
The report also claims 70% attribute this to hackers becoming more skilled and better at targeting companies.
Nearly 100% of participants said their organisations had taken measures to minimise risk to information security, but only 12% of the 98% are extremely confident about the security that is in place.
BSI also claims its study indicates IT directors have accepted the risks to their information security, as 91% said their business had been a victim of a cyber-attack.
Nearly 50% of respondents said they had experienced an attempted hack and/or suffered from malware, while 42% had experienced the installation of unauthorised software by trusted insiders and 30% had suffered a loss of confidential information.
“Consumers want their information to be confidential and not shared or sold,” claimed UK managing director at BSI Maureen Sumner Smith.
“Those who want to be reassured that their data is safe and secure are looking to organisations which are willing to go the extra mile to protect and look after their data.
“Best practice security frameworks such as ISO27001 and easily recognisable consumer icons such as the BSI Kitemark for Secure Digital Transactions can help organisations benefit from increased sales, fewer security breaches and protected reputations.
“The research shows that the onus is on businesses to wake up and take responsibility if they want to continue to be profitable and protect their brand reputations,” she added.
The BSI research claims that 60% of organisations surveyed have not provided staff with information security training, 37% have not installed anti-virus software and 49% monitor their users’ access to applications, computers and software.
However, it says that organisations implementing the ISO27001 security standard are more conscious about potential cyber-attacks than those who haven’t – 56% vs. 12%.
The study claims that 52% of organisations which have implemented the standard are extremely confident about their level of resilience against the latest methods of cyber hacking.
“The research revealed that businesses that can identify threats are more aware of them,” claimed Mike Edwards, BSI information security specialist and tutor.
“Our experience confirms this; we know that organisations with ISO27001 can better identify the threats and vulnerabilities to their information security and put in place appropriate controls to manage and mitigate risks,” he added.