Nmedia - Fotolia

Businesses covering up cyber attacks, says IoD

The Institute of Directors warns that businesses are actively covering up when they have been the victim of a cyber attack

British businesses are consistently failing to take their own cyber security seriously enough, and many are actively covering up cyber attacks, according to a study conducted by the Institute of Directors (IoD) and Barclays.

The IoD surveyed 1,000 of its members in December 2015 and discovered that only 28% of cyber attacks were being reported to the police, even though half of attacks were causing disruption to business operations.

The Cyber-Security: Underpinning the Digital Economy report warned that the scale of security threats facing businesses was being widely underestimated, with 70% of respondents saying they had received bogus invoices via email in a phishing attack attempt.

“Cyber crime is one of the biggest business challenges of our generation. Companies need to get real about the financial and reputational damage it can inflict,” said report author Richard Benham.

“The spate of recent high-profile attacks has spooked employers of all sizes and it is vital to turn this awareness into action. Customers and partners expect the businesses they deal with to get it right.”

The IoD’s report reinforced the findings of a recent survey by security firm Carbon Black, which claimed that UK CIOs tended to be over-confident about their cyber security arrangements.

The IoD found that only 57% had a security strategy in place, despite 91% saying security was important, and only 20% were insured against the possibility. Awareness of services set up to help tackle cyber criminals was also worryingly low, with 68% unware of the existence of the Action Fraud Aware crime reporting service.

Read more about cyber attacks

“As attacks become more prevalent and increasingly sophisticated, businesses need to defend themselves, know how to limit damage and be ready to respond quickly and comprehensively when the inevitable happen,” said Benham.

“No shop-owner would think twice about phoning the police if they were broken into, yet businesses don’t seem to think a cyber breach warrants the same response.”

The IoD said the growing threat of breaches was in danger of creating a cyber-security paradox where most business was conducted online, but nobody had any confidence in the encryption protecting sensitive information in transit. This could lead to a revival of outdated data transit methods, it added.

“Businesses must recognise the threat that cyber crime can pose to them, their reputation and subsequently their bottom line. With the number of customers going online rapidly rising, the issue of cyber security has never been more important,” said Barclays head of business banking, Adam Rowse.

“Companies need to consider cyber security as critical to their business operation as cost or cash flow.”

“Some of the actions that businesses can take to get cyber smart include creating a cyber security strategy, raising awareness among staff of the common cons used to commit cybercrime, installing software that keeps them and their customers’ details safe and keeping all software up to date.”

Read more on Security policy and user awareness