Sunday 8 May 2016 11:37 am

More proof British business is terrible when it comes to cyber security

Two thirds of businesses in Britain have been targeted by cyber attacks in the past year while a quarter have experienced a security breach at least once every month, new research reveals.

But an astonishing half of firms are still not tackling the issue by identifying the risks they face via audit or risk assessments, once again highlighting how unprepared firms still are despite the growing threat.

Just three in 10 businesses have written cyber security policies, according to the government's Cyber Security Breaches Survey with Ipsos Mori, while only one in ten have any formal processes for managing such incidents.

Read more: Banks have been warned they're vulnerable to this specific new cyber attack

"Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks. It’s absolutely crucial businesses are secure and can protect data," said digital minister Ed Vaizey.

Of Ftse 350 companies more than half say cyber security is one of the biggest risks to their business, a rise on just under a third who said the same last year, a separate report to coincide with the survey found.

The government's Cyber Governance Health Check report with KPMG, indicates that while top firms understand the importance of cyber security, they are failing at gathering the right information to be able to take action.

“Cyber-attacks continue to pose a growing threat to business. While cybersecurity has made it onto the Board’s agenda, board judgements on risk are often based on incomplete and partial management information," said technical director of the consultancy's cyber security practice David Ferbrache.

Read more: Anonymous launches cyber attack on Bank of Greece

More than half of boards (54 per cent) said they only hear about the issue occasionally – when something has gone wrong or bi-annually – while only a third of Britain's top firms understand the threat they face.

"Cyber security is getting boardroom time, but that is far from the end of the journey. Board members need to take collective responsibility for cyber security and consider it in every aspect of the business. If they can do that, then perhaps cyber security will become mainstream and a vital component of doing business in our digital world,” said Ferbrache.

The government will set out a fresh strategy to help business, consumers and its own departments tackle cyber attacks later this year and its new National Cyber Security Centre staffed by former GCHQ bosses will open this autumn to concentrate the efforts of the private sector.

The hack of Talk Talk last year is the most high profile among top British firms to date, however, several attacks have been launched on government central banks in Bangladesh, Greece and the Philippines in separate incidents in the past few weeks.