A month from now, the UK will welcome GDPR, which will give the ICO more powers to defend consumer interests and to fine organisations up to £17 million or four percent of global turnover in the event of data breaches owing to poor cyber-security credentials.
With little time left to prepare, businesses and charities across the UK are expected to have already prepared cyber-security policies, appointed CISOs, elevated cyber-security matters to the board level, restricted IT admin rights to specific individuals, placed security controls over company-owned devices, and installed firewalls with appropriate configurations to ensure the security of enterprise and customer data.
However, the government’s latest Cyber Security Breaches Survey 2018 has revealed that even though some progress has been made, many businesses and charities are still unprepared to meet emerging cyber-threats and are, in some aspects, woefully unprepared when it comes to complying with the GDPR’s requirements or steps mandated under the government’s Cyber Essentials Scheme.
With 85 percent of the UK’s adult population using smartphones and many others using other connected devices to access the Internet, it is but natural that 98 percent of UK businesses and 93 percent of registered charities use websites and social media platforms to communicate with customers, clients, and contributors, to sell products and services, and to accept payments.
Websites and other digital assets owned by many businesses and charities contain a lot of sensitive enterprise and customer data, and it falls upon the controllers and handlers of such data to ensure its security and to prevent its breach under any circumstance. However, the survey revealed that in the past 12 months, 43 percent of businesses and 19 percent of charities experienced cyber-security breaches or attacks.