A recent survey by the EEF (the Engineering Employers’ Federation) has shown that the number of businesses reporting cyber security breaches has risen once again.
Majority of Businesses Face a Cyber Threat
The study, which surveyed over 650 businesses of varying size in a range of sectors including the technology, consultancy and professional services, government, education, financial services, insurance and banking, revealed that 90% of large businesses and 74% of small businesses reported a security breach in 2015.
Yet, despite these figures, the survey also found that many businesses are still failing to take steps to protect themselves against cyber threats.
Business Owners Ignore Cyber Risk
EEF’s research revealed that of the manufacturing firms surveyed:
- 46% of manufacturing firms had not increased their investment in cyber-security over the past two years
- 20% had made no move to increase employee awareness of cyber-security risks
- Only 56% said cyber-security is given serious attention by their board
- Only 36% have a cyber-security incident response plan in place
“As technology and data start to play increasingly critical roles in manufacturing, companies will inevitably find themselves more vulnerable to cyber breaches,” says Lee Hopley, chief economist at EEF. “It is important that manufacturers are able to identify, understand and put the correct strategies in place to keep their businesses safe and cyber secure.”
It will also be a requirement, once EU’s new data and network protection legislation is in place…
EU Will Set Cyber Protection Standard
In response to the continued rise in cybercrime, the EU has been drafting new legislation. Under the General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive, businesses will be required to comply with certain specified cyber security requirements.
Although initially only applying to medium-sized businesses, it would be good practice for owners of smaller businesses to get ahead of the game, familiarising themselves with the new requirements and using them as a benchmark for their own cyber security practices.