Computer Business World News

DCMS Cyber Security Breaches Survey 2021 highlights more still to be done by the majority of businesses


The Department for Culture Media and Sport recently published its annual Cyber Security Breaches Survey (the “Survey”), which aims to capture trends in cyber security incidents and provides a snapshot of the approach of UK businesses to the risks of an incident and the types of incidents seen in the previous 12 months.

We have tracked the Survey since it was first published in 2016 and some interesting trends are emerging.

Cyber security as a priority area

Respondents to the Survey indicate that cyber security remains a priority for management boards. They have always said that. Three-quarters of businesses say cyber security is a high priority for their directors or senior managers: an 8% increase on the position that existed five years ago. That mirrors what we see in practice. Cyber security is always on the boardroom agenda but is becoming increasingly important over time.

Disconnect between concern and action

There has always been a disconnect between that evident concern around cyber security and businesses then putting into place formalised processes and procedures. In 2016, less than one in three businesses had a formal cyber security policy. That figure has barely shifted in the last five years. The Survey found that only 33% of businesses have a formalised policy around cyber security. Just over two in every three respondent businesses have no business continuity plan in place that would define and assist the business in how to respond to a cyber security incident.

Regulatory expectation

The GDPR has clearly driven public awareness of data protection and privacy and expectations have increased accordingly. The public expect their personal data and privacy to be protected. Shareholders and stock markets react when incidents happen. Regulators, in the form of both the Information Commissioner’s Office (“ICO”) and the Financial Conduct Authority (“FCA”), now expect organisations to have policies and procedures in place to manage cyber security risk.

By way of example, the ICO has produced an accountability framework that sets out its expectations of businesses and how they can evidence cyber security compliance under the GDPR, which includes an expectation that:

  • Procedures and systems facilitate the reporting of security incidents and breaches.
  • Your organisation has a response plan for promptly addressing any security incidents and personal data breaches that occur.
  • You centrally log/record/document both actual breaches and near misses (even if they do not need to be reported to the ICO or individuals).
  • The log documents the facts relating to the near miss or breach including:
    • its causes;
    • what happened;
    • the personal data affected;
    • the effects of the breach; and
    • any remedial action taken and rationale.

How a business assesses a cyber security failure, and how it makes consistent and justifiable decisions about the steps taken in the aftermath of an incident, are issues best considered before disaster strikes. The pressure of a cyber security incident – and all of the competing factors and moving parts that go along with it – is not the best environment in which to design and roll out an incident response plan. But we often see that in practice, and the Survey demonstrates that this is a systemic issue across the majority of UK businesses.

This is an issue that demands attention. No business is going to be impervious to a cyber security incident. Regulators and courts recognise that, and when they take action following an incident, the real focus is on whether the security in place was appropriate and whether the response was adequate.



Copyright © 2022 Computer Business World