There are many ways in which businesses can, often unintentionally, expose themselves to cybersecurity risks, including:
- Reliance on digital services - 99% rely on email addresses for employees, websites or blogs, social media pages etc.
- E-Commerce - Online business bank account, ability for customers to order, book or pay online
- Use of cloud computing - 59% of businesses
- Use of personal devices for regular work - 46% of businesses
A 2017 Cyber Security Breaches Survey found that virtually all of the 1,523 businesses that took part were at risk of a detrimental cybersecurity threat. This helps explain why 74% of UK businesses say that cybersecurity is a top priority for senior management. However, despite figures such as these, breaches are still prevalent amongst the 35% of organisations whose senior managers consider cybersecurity a low priority and in the 41% of firms where online services are not recognised as core to the business.
Last year alone, the average business identified 998 breaches. The most common were in relation to:
- Fraudulent emails
- Viruses, spyware and malware
- People impersonating the organisation in emails or online
Businesses that hold personal data on their customers electronically, as 61% of businesses do, are more likely, on average, to have breaches (51% versus 46%). This statistic is particularly noteworthy given that ransomware underscores the value of any electronic data that businesses hold, not only personal or financial data.
Nonetheless, only 11% of UK businesses have incident management processes or contingency plans in place to counter the far-reaching cybersecurity threats that are posed to them.
Moreover, these cybersecurity breaches remain largely unreported. Last year, 58% of businesses did not report their most disruptive breach as they felt it wasn’t significant enough. A further 24% claim to be unaware of how to actually go about reporting a breach, whilst 10% think reporting won’t make a difference and 3% don’t believe reporting breaches is beneficial to their business.
BSI’s essential cybersecurity standards enable you to protect your business, employees and customers from cyber threats. Standards Online (BSOL), the online service that is home to over 97,000 internationally recognized standards, is a vital component for any business that wants to manage its standards feasibly and remain compliant.
Specifically in relation to cybersecurity, BSOL houses ISO/IEC 27001 Information Security Management Systems, which 75% of subscribers have said reduces business risk. ISO/IEC 27001 lays down the foundations of an effective cybersecurity strategy by reflecting current best practices and making an Information Security Management System easy to implement.
A range of other cybersecurity standards for securing IT infrastructure and data protection are also available through BSOL: BS 10012 Data protection; BS ISO/IEC 27033 Family for network security; BS ISO/IEC 27035 Family for information security incident management.
For a fast and easy way to work with and implement cybersecurity standards, visit the BSOL standards information page.