The Department for Culture, Media and Sport (DCMS) in the UK issued a new report showing that businesses neglect cybersecurity procedures until after a major attack had happened.
The report extended on four years and investigated ten organizations of different sizes which had all dealt with a major data protection breach in this period.
The Gov Report in Details
- The increasing number of cyber-attacks and their technical complexity make security breaches an important risk for businesses. In consequence of these changes in the cyber-crime field, the layers of security that were efficient only a few years ago, now seem outdated.
- “In response to these increasing levels of risk, nearly all participants acknowledged the need for ever greater levels of vigilance and investment in cybersecurity”, according to Digit News.
- The preparation for a cyber-attack varies according to the size of the organization: while medium and large businesses have plans of response in case of an attack and budgets for cybersecurity acquisitions, small businesses are mainly unprepared and reactive facing data protection risks.
- The report also emphasizes that organizations depend more on technology than on people to stay secure. The majority of businesses consider employees more probably to be a weakness in case of an attack than the technology developed for protection.
- The involvement of leadership in security issues also varies: while in most organizations the leadership team understood the importance of cybersecurity only after the attack, in some organizations cybersecurity is already supported by the board (even if not in all businesses is clear if the leadership had perceived the magnitude of the thread).
Conclusions
The majority of the organizations from this study showed that after the breach the leadership participates more in improving the data security of their companies.
One positive outcome of the breaches was that it was a tangible means to demonstrate that ‘these cyber threats are real’ to leadership, underscoring the importance of cybersecurity.
Fortunately, with external help, most organizations were able to identify and fix the problem that enabled the attack.
Nevertheless, this cybersecurity incident created a great deal of personal stress and inconveniences for some of the employees – sometimes even long-term stress – that could be avoided with the right cybersecurity tools.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.