Firms not moving fast enough on cyber security

• New IoD and Barclays study finds one in three (37%) SMEs don’t have a cyber-strategy in place

• Two fifths (40%) wouldn’t know who to contact to report online fraud

A worrying number of UK businesses have no formal plan to protect their business from a cyber-attack and the number of SMEs preparing themselves has not improved from a year ago. This is according to a new report from the Institute of Directors and Barclays, launched today.

Although almost all companies (94%) think security of their IT systems is important, only half (56%)* have a formal strategy in place to protect their devices and data, unchanged in the last year (57%)†. The report, Cyber security: Ensuring business is ready for the 21st century supported by Barclays, shows that despite a number of high-profile cyber-attacks over the last year, more than a third (37%) of IoD members lead or work in organisations without a formal cyber security strategy, and worse still, in the event cybercrime was to hit their business, 40% would not know who to report it to.

With the new General Data Protection Regulation, which comes into effect in next May, companies will be made much more accountable for their customers’ data, and the IoD and Barclays are urging business leaders to step up their preparations now.

The Government has made positive steps in the last year to protect business and consumers, particularly by founding the National Cyber Security Centre, the report said. By bringing together several different agencies, and placing the centre within GCHQ, the UK authorities are well-placed to detect and understand cyber threats. For businesses, however, ultimate responsibility will always lie in the boardroom. The report reveals almost half of UK firms (44%) don’t have any cyber awareness training for their employees. The IoD is calling on companies to increase cyber training for directors and employees, and run attack simulations, to make sure security systems are robust.

Stephen Martin, Director General of the Institute of Directors, said: “The UK is a leader in the digital economy, but if we are to build on our existing strengths and capitalise on new technologies, we have to go into the future with our eyes open to the risks. This report has revealed that business leaders are still putting cyber security on the back burner. The results, even for small and medium-sized businesses, could be catastrophic.

“With threats evolving all the time, and demanding new regulations just around the corner, we cannot afford another year of complacency from business. Now is the time for firms to test their defences and make sure all of their employees, including management, have the right skills and knowledge on cyber security. This isn’t just an IT issue, it’s a business survival issue.”

Adam Rowse, Head of Business Banking at Barclays, said: “In this digital age, cyber security should be a priority for every single business. More must be done to help businesses recognise the threat an attack could have not just on their bottom line, but to their reputation or even future existence. Keeping customers’ data safe and secure is a legal responsibility so they need to prepare for the unforeseeable.

“SMEs need a strategy in place to weather cyber-storms- a head in the sand approach won’t do. This could include a resilience plan raising staff awareness of the common types of attack, investing in up to date software protection and knowing who to report the crime to if the unexpected occurs.

“At Barclays we want to help UK businesses and their employees to fight back against the cyber criminals, so we’ve launched free cyber security training at our Eagle Lab sites across the country, led by Barclays’ Digital Eagles. Knowing how to stay safe and protected online is a major step forward for businesses to operate with digital confidence.”

Barclays’ partnership with the IoD is part of the bank’s drive to empower the general public with digital confidence and skills, and to raise awareness of the importance of cyber security. Earlier this month the UK Government announced Barclays had signed up to its Digital Strategy, committing to assist at least one million people with digital skills and cyber awareness. For more information visit https://labs.uk.barclays/cyber-security-workshops

*A survey of 845 members of the IoD conducted in December 2016

†A survey of 980 members in December 2015

ENDS

Contact for further comments or to arrange interviews:

Donjeta Miftari

Press Officer

Institute of Directors, 116 Pall Mall, London SW1Y 5ED

T: 020 7451 3285

M: 07525 886 941

E: donjeta.miftari@iod.com

Notes to editors

• The Institute of Directors is a non-party political organisation, founded in 1903, with approximately 30,000 members. Membership includes directors from right across the business spectrum – from media to manufacturing, professional services to the public an