Majority of UK firms have no staff training for cyber-attacks, figures show
More than two thirds of Britain’s biggest businesses have admitted staff lack training to deal with the growing threat of cyber-attacks, new research has shown.
Top companies and charities have been told to do more to protect themselves from online threats after a Government survey of leading firms found one in 10 (10 per cent) FTSE 350 companies had no plan to cope with cyber incidents.
The annual Cyber Governance Health Check found 68 per cent of boards had received no training over what to do in a cyber attack despite more than half (54 per cent) acknowledging it was a top threat to their business.
Separate research found charities were also at risk of attack, particularly smaller organisations which rely on outside IT providers to deal with cyber threats.
Cyber security has been of increasing concern for ministers in the wake of a worldwide ransomware attack which hit the NHS in May, affecting phone lines, scans and patient records, and forcing hospitals to cancel operations.
Politicians in both Westminster and Holyrood have also been targeted by hackers, who undermined around 90 email accounts in London in June, including those of three MPs.
MSPs and Holyrood staff were warned this week that hackers were attempting to access weak email accounts.
“We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right,” says Matthew Hancock, Minister of State for Digital.
“These new reports show we have a long way to go until all our organisations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training.
“Charities must do better to protect the sensitive data they hold and I encourage them to access a tailored programme of support we are developing alongside the Charity Commission and the National Cyber Security Centre.”
The Cyber Security Among Charities report, also published on Monday, found major variation between charities on awareness of the threat with staff admitting gaps in their knowledge.
“Charities have lots of competing priorities but the potential damage of a cyber-attack is too serious to ignore,” says Helen Stephenson, chief executive, Charity Commission for England and Wales.
“It can result in the loss of funds or sensitive data, affect a charity’s ability to help those in need, and damage its precious reputation.
“Charities need to do more to educate their staff about this threat and ensure they dedicate enough time and resources to improving cyber security.”