The UK is Europe’s most breached country in cybersecurity terms, according to a new report.
Data security solutions provider Thales eSecurity revealed the findings in its 2018 Thales Data Threat Report.
Thirty-seven percent of businesses in the UK reported cyber attacks in 2017, compared to 33 percent in Germany, 30 percent in Sweden, and 27 percent in the Netherlands.
The levels of attack on the UK appear to represent a step up from previous years. Sixty-seven percent of UK respondents admitted that security breaches had taken place at some point in the past, significantly fewer than the 78 percent and 74 percent seen in Sweden and the Netherlands, respectively.
Last year, the British government announced its determination to make the UK the “safest place in the world to live and work online”, which may have been a red rag to attackers.
Despite the increasing numbers of incidents, the UK shows less concern about cybersecurity, with just 31 percent of UK organisations feeling either “very” or “extremely” vulnerable to cyber threats, compared to almost half of those surveyed in Sweden and the Netherlands, for example.
An unseen wave
Peter Galvin, chief strategy officer, Thales eSecurity said:
A tidal wave of data breaches is continuing to roll across Europe, with three in every four organisations now a victim of cyber-crime. As a result, people are feeling more vulnerable than ever before, worried about where the next threat will come from, and in what form.
“To stand the best chance of success against these advanced attacks, businesses need to dedicate the appropriate level of attention, budget, and resource into safeguarding their sensitive data, wherever it happens to be created, shared or stored,” he continued.
“The deployment of encryption is a well-recognised strategy to mitigate the risk of data breaches and cyber-attacks, as well as protect an organisation’s brand, reputation and credibility.”
The research found that British companies are at least committing new funding to securing the enterprise. Seven in ten UK organisations have increased IT spending over the past year, although they lag behind their counterparts in Sweden and Germany.
GDPR and data security
European organisations – and all those who wish to do business in the continent – have also had to prepare for the new data security laws introduced with GDPR, which came into force on 25 May – in the UK under the Data Protection Act.
Swedish businesses ranked bottom when it came to compliance, found the report, with almost half failing their audits. The Netherlands and Germany ranked just above them, while the UK proved better organised, with just 19 percent failing data security audits.
Internet of Business says
There is an arms race between security professionals and connected businesses on one side, and hackers and malware creators on the other. For example, the last few years have seen widespread cyberattacks via malicious code, such as the WannaCry worm, the NotPetya attack, and Industroyer, among others.
One reason for the increased security threat is that previously isolated machinery, goods, and services have been brought online to boost efficiency, productivity, and automation. This creates ever-growing IoT networks in which security is either an afterthought, or difficult to ‘bolt on’ to devices that may never have been designed with internet connectivity in mind.
Cybercriminals and state-sponsored hackers have been quick to recognise the ease with which they can tap into some of these networks, often through personal devices, gaining access to vital infrastructure.
Critical systems in energy, transportation, and healthcare are particularly at risk, with the hyper-regulated, budget-conscious world of health presenting some of the biggest challenges, with devices that can’t be easily replaced or upgraded.
The answer is to move away from the ‘security as an afterthought’ mentality that many organisations possess, and adopt a secure by design approach. Asaf Ashkenazi of Rambus, explains the benefits of this in our recent Q&A.
Ultimately, though, there needs to be a cultural shift within many organisations, in which they start taking cybersecurity risks more seriously, give them the funding they need, and weave security issues more closely into their strategies and development frameworks.