A fifth of UK firms hit by cyber-attacks, putting private data at risk

UK companies are ill-equipped to deal with cyber-attacks, a report by the British Chambers of Commerce (BCC) says. Nearly one in five smaller companies (18 percent) have fallen prey to cybercrime, and the figures are even worse for larger firms.

When looking at companies with more than 100 employees, the number that have been hit by cyber-attacks jumps to a staggering 42 percent. More than three quarters of the firms surveyed by the BCC did not have anti-hacking security measures in place, and most relied on third-party firms to clean up after an attack rather than having in-house solutions.

The BCC looked at 1,200 companies and found that just 24 percent had implemented security features specifically designed to protect against hacking. Cure, it seems, is preferable to prevention for UK companies. 63 percent of those involved in the survey turned to outside IT firms to mop up the effects of a cyber-attack, but organizations such as police forces and financial institutions were far more likely to have in-house experts.

The director general of the BCC, Adam Marshall, said:

Cyber-attacks risk companies' finances, confidence and reputation, with victims reporting not only monetary losses, but costs from disruption to their business and productivity. While firms of all sizes, from major corporations to one-man operations, fall prey to attacks, our evidence shows that large companies are more likely to experience them.

Next year new legislation is due to come into effect which will require companies to take greater steps to protect customer data. In the light of a number of high-profile hacks, coupled with the results of the BCC's survey, it seem that many companies have a good deal of work to do if they are to avoid problems and potential fines.

Marshall says that there is a lot to be learned from the way in which some companies handle their IT security: "Companies are reporting a reliance on IT support providers to resolve cyber-attacks. More guidance from government and police about where and how to report attacks would provide businesses with a clear path to follow in the event of a cybersecurity breach and increase clarity around the response options available to victims, which would help minimize the occurrence of cybercrime."

Image credit: badins / Shutterstock