There’s a cyber arms race and criminals are winning

Further to my post about identity theft the other day (here), the National Crime Agency this week published its 2016 Cyber Crime Assessment, and it makes sobering reading. The NCA reports that there were 2.46 million “cyber incidents” last year, including 700,000 frauds, with the biggest threat coming from “a few hundred” criminals. Furthermore, “Data breaches are the most common cyber crimes committed against businesses and the NCA estimates that cyber crime costs the UK economy billions of pounds per year”, and “Under-reporting continues to obscure the full impact of cyber crime in the UK.” A study conducted by PwC in 2015 suggested that ‘90% of large companies and 74% of small companies had experienced some kind of breach in the previous 12 months, and most had experienced more than one – the average was four’. When you add these statistics to our own most recent consumer research – available here – which found that 97% of people alter their behaviour as a result of a data breach and 30% of those respondents stated that they wouldn’t do business with the company again – there’s a clear message. And unfortunately that message is that businesses will be hacked, and data breaches will continue to take place – despite the best efforts of the NCA, and the UK government promising to spend £1.9bn on cyber defences over the next five years. Surely the safest path for any business – to quote Stephen Orfei of the PCI Standards Council – is to “take risk off the table”. If you’re not storing card or sensitive data then, even if your organisation is breached,...

State of the Nation

The UK Government yesterday published some worrying new statistics about the state of cybercrime affecting British business. The headline – which the BBC reported on the breakfast news – was that “Two thirds of large UK businesses hit by cyber breach or attack in past year.” The Cyber Security Breaches Survey also reported that a quarter of large firms experienced data breaches – often involving viruses, spyware or malware – on a monthly basis, but that only half of all firms have taken any recommended actions to identify and address vulnerabilities. Scarier still, only a third of all firms had formal written cyber security policies and only a tenth had an incident management plan in place. As these are prerequisites for the PCI DSS, one hopes that those companies that have their act together are those that process card data for their customers. The survey found that almost half of the top FTSE 350 businesses regarded cyber attacks as the biggest threat to their business, up from just 29 per cent in 2014. The Government will be publishing a new national cyber security strategy later in the year, but with cyber attacks and data breaches becoming more prevalent, why wait? We work with companies to help them reduce the risk of expensive and embarrassing data breaches. If the bad guys do manage to hack your organisation and you’re not storing card data then you’ve protected both your customers from potential fraud and your business’s reputation. We also help companies put together standards, policies and procedures to help protect data, and to develop incident and data breach response plan....