Tierney - stock.adobe.com
More than a third – 38% – of businesses in Scotland feel unprepared to deal with the impact of a cyber attack on their organisation, despite 66% believing that the issue of cyber security has become much more important to them in the past 12 months, according to a study conducted by the Scottish Business Resilience Centre (SBRC).
A year on from the relaunch of the National Cyber Security Centre’s (NCSC’s) Cyber Essentials scheme – designed to help organisations better protect themselves against cyber attacks – 78% of respondents said they were aware of the existence of the programme, but only 54% were cognisant of its potential benefits.
NCSC statistics have shown that businesses which obtain the Cyber Essentials certification are much more effective cyber operators, and can prevent or limit the fallout of up to 80% of the most common cyber attacks – with the added benefit of increasing trust among customers.
SBRC CEO Jude McCorry urged more businesses in Scotland to take advantage of the programme, saying: “We’ve seen the number of cyber attacks rise over the past year, and a change in the type of attack as cyber criminals seek to take advantage of our increased reliance on technology while working remotely.
“It’s not a case of ‘if’ your systems will be attacked, but ‘when’, so it’s vital that business owners go on the offensive and prepare themselves – particularly as the majority of attacks are basic in nature and can be prevented. Learning that so many businesses aren’t confident in how they can prevent attacks is cause for concern.
“Cyber Essentials is a simple way for business owners to become more aware of their cyber processes, and accreditation demonstrates to their customers and suppliers that they take their cyber resilience seriously.
“It’s clear from the survey that many aren’t aware of the scheme, so we’d like to take this opportunity to encourage people to look into it. Improving your cyber defences could mean the difference between your company surviving a cyber attack or losing all your systems and data,” added McCorry.
The SBRC went on to highlight how achieving Cyber Essentials certification can also uplift organisations in other ways too – some UK government contracts, for example, now require the certification, and private sector organisations may choose to make it a condition of working alongside them. This was reflected in its report data, which found 37% of those who were not certified believed they might have lost out on business as a result.
Emma Philpott, CEO of IASME, which co-created Cyber Essentials, said: “We are pleased to be able to work in close partnership with the SBRC and support their activity with spreading awareness of cyber activity throughout Scotland. By offering crucial support and advice to Scottish businesses, they are making the UK a safer place to do business.”
Read more about security training
- As cyber security risks grow daily, businesses must educate staff about these through cyber awareness training. But how can they ensure this is taken seriously by employees?
- Find out how much you know about preventing user-caused cyber security incidents through education in this security awareness training quiz for infosec pros.