One-third (33%) of businesses think there is conflicting advice on cyber security, according to the Cyber Security Breach Survey 2017.
And in businesses that have actively sought information, advice or guidance, the proportion that think there is conflicting advice is even higher at 37%, the survey showed.
The research, commissioned by the Department for Culture, Media and Sport and conducted by Ipsos Mori in partnership with the Institute for Criminal Justice Studies at the University of Portsmouth, noted the overall lack of advice on cyber security received by non-IT experts who took part in the study.
Businesses felt their non-specialist staff faced a lack of tailored or specific advice. One finance firm said it wanted more specific advice to give its staff on the latest phishing emails that they might expect to receive in their sector.
And a firm of solicitors noted that advice about avoiding scams was sometimes too broad.
Cyber threats range from a simple act of vandalism on a website to an attack on critical national infrastructure.
Brian Lord, former deputy director for intelligence and cyber operations at GCHQ, who now runs cyber security provider PGI Cyber, said initiatives such as Cyber Essentials could help smaller companies achieve a basic level of security to thwart opportunist hackers. “Businesses need to look at who is likely to steal from them and what is the risk,” he said.
Lord said it should not cost “more than a few hundred quid” to meet the 23-point Cyber Essentials criteria, but added: “There is a sense that cyber security services are ridiculously expensive, which makes it unaffordable for small organisations.”
For example, he said a business with a “normal risk” should not have to pay £1,000 a day for a penetration tester, but because of the high cost of certification, penetration testing skills are highly sought after, which drives up costs.