Nearly half of businesses have no cyber security policy, survey finds

ALMOST half of businesses who took part in a survey had no policies on data security, cyber security or data protection.

The research also showed a low take-up of the government-backed Cyber Essentials Scheme, with only two per cent accredited under the scheme.

The figures are from Mark Gracey, owner of Flavourfy, an independent digital consultancy specialising in digital marketing, cyber security and data protection.

Mr Gracey’s survey came before last week’s ransomware attack that severely disrupted many parts of the NHS and other organisations across much of the world.

Lytchett Matravers-based Mr Gracey said: “The decision to run a data security survey was twofold: firstly, about raising awareness in Dorset of the risks to reputation from the use of digital (e.g. website hacking, misuse of social media) and secondly, to address the perception that in Dorset we’re not switched onto cyber-security or data protection.”

He was concerned that only five respondents out of 82 had sought accreditation under the Cyber Essentials scheme. More than half had yet to decide on what to do about the General Data Protection Regulation – a new piece of EU legislation which will supersede the UK’s Data Protection Act next May.

The survey found 30 per cent of business owners were not sure if they collected email over a secure connection. Sixty-two per cent were using WordPress, a platform known for security updates, but 11 per cent had never checked for software updates.

Almost a third stored personal data via a cloud-based service, but only 23 per cent had turned on two-factor authentication to protect access.

Forty-six per cent had no policies or procedures covering data security, cyber security or data protection.

Mr Gracey said: “Businesses across the whole of the UK need to wake up to the fact that data protection legislation is changing and with the rise in cyber attacks on all sizes of business, they must do everything they can to protect not just their business but their customers too.“Having a healthy approach to online security and data protection in turn not only protects your business but instils trust in your customers and future customers.”


. . . . . . . .

Leave a Reply