With 70% of businesses having no form of formal cyber security, tech company Evaris wants the UK government to make protection mandatory
With the number of cyber security attacks on the rise and 43% of firms being targeted in the past 12 months, one tech business is petitioning to make online protection mandatory.
IT security specialist Evaris is lobbying for the UK government to make it a legal requirement for companies with up to 250 employees to sign up to an existing Cyber Essentials certification scheme, while larger businesses would need to meet more comprehensive cyber security requirements.
The Manchester-based firm claims cyber crime cost UK companies £21bn and only 27% of businesses have a formal cyber security policy in place.
Terry Saliba, solutions architect at Evaris, said: “Data shows that more than four in ten businesses experienced a cyber security breach in the past 12 months, and these are becoming increasingly sophisticated and costly for businesses across all industries.
“Unfortunately, we still see that many firms are failing to understand the extent of this issue, and so we believe this petition is vital for establishing a compulsory baseline adhered to by all businesses.”
How vulnerable are businesses to a cyber attack?
Large companies report being victims of 12 cyber-attacks per year, while medium-sized firms average six.
With the number of IoT devices in offices increasing, their unique vulnerabilities are also increasingly being exploited.
The global average cost of a data breach to an organisation was calculated to be $3.86m (£3.1m) by IBM and The Ponemon Institute.
This also has knock-on effects for customers as the Internet Society’s Cost of Cybercrime report last year found the annual cost of cyber crime to UK citizens is £3.1bn.
The National Cyber Security Centre is a government agency that provides advice for the public and private sector on how to avoid cyber security threats.
It runs the Cyber Essentials scheme, which gives businesses advice on avoiding the most common cyber threats.
The requirements for being certified under the Cyber Essentials scheme includes firewalls, secure configuration, user access control and malware protection.
The Cyber Essentials Plus programme requires an independent assessment of a business’ cyber security controls.
Evaris wants these programmes to be compulsory for businesses, with several industry bodies supporting the tech company’s calls.
Vince Warrington, CEO of cyber security firm Protective Intelligence, said: “I’m supporting the petition because I’ve had to deal with the consequences of cyber-attacks and seen the destruction they can cause.
“At the moment, far too many companies still see cyber security as a ‘nice to have’ option, rather than an essential part of everyday business.
“But cyber-attacks are not going to simply disappear - the criminals behind them will target your business if you haven’t taken even the most basic steps to keep them out.
“By driving all companies to adopt Cyber Essentials, the government can not only create a good level of basic cyber hygiene across UK firms, but also create a regular flow of cyber security businesses that can bring on board new staff and train them up - helping to reduce the predicted shortfall in qualified cyber security experts that the country will need in the decades to come.”
To sign the petition, click here.