Cyber-security strategies demand new approach – SASIG

Businesses across the UK have been urged to take a people-first approach to tackle cybersecurity.

Commenting on the findings from the recent UK Government Cyber Security Breaches Survey 2022, the Security Awareness Special Interest Group (SASIG) said the survey highlighted the need for a change in approach.

It said the survey identified a real lack of investment in both staff training and supply chain safeguarding when it came to mitigating cyberattacks. The importance of tackling such issues was reiterated in the announcement that 39% of UK businesses had experienced a cyberattack in the past 12 months.

The survey findings identified key areas of weakness which included the fact that limited board understanding of cybersecurity meant the risk was often passed on to outsourced cyber providers. Findings showed that small, medium and large businesses outsource their IT and cybersecurity to an external supplier 58%, 55%, and 60% of the time respectively. However, only 13% of businesses assessed the risks posed by their immediate suppliers, with organisations saying that cybersecurity was not an important factor in the procurement process.

Martin Smith MBE, founder and chairman of the SASIG, said: “As with any area of business, to achieve real success with a cybersecurity strategy, businesses must always take a people-first approach. Having a robust cybersecurity policy in place is one thing but having a real understanding of how to implement this, as well as clear processes for tackling a cyberattack must always be company-wide to have any real impact and long-term benefits.

“The results of the Government’s latest Cyber Security Breaches Survey point to under-investment in meaningful staff training and awareness-raising, as well as a failure to safeguard companies from threats posed by their supply chains. A people-first approach to cybersecurity and protection against cyberattacks that includes regular training, information sharing and awareness-raising, as well as regularly reviewing the risk from suppliers is key to the ongoing protection of every company’s operational and financial performance.”

The organisation said the survey highlighted the need for a more people-focused strategy for tackling cybersecurity issues. It found that just under one in five businesses (17%) and charities (19%) provided training or awareness-raising sessions specifically for those not directly involved in cybersecurity. The findings did state that relevant training and awareness-raising sessions are more commonplace in larger organisations, with 61% of businesses and 64% of charities with an income of £5 million saying they have offered this training in the past 12 months. However, in both micro/small businesses and charities with an income below £100k, the figure dropped to just 16%.
