Image by rawpixel.com on Freepik

As our reliance on digital systems continues to grow exponentially, digital defence has now become more important than ever. Cyber threats can be devastating to individuals, organisations as well as business owners.

According to the UK government’s Cyber Security Breaches Survey 2022, 39 percent of UK businesses experienced a cyber attack, with phishing being the most common at 83 percent. 

Twenty-one percent experienced more sophisticated attacks, such as denial of service, malware, or ransomware. Ransomware was also a major threat, despite being less prevalent, with 56 percent of businesses having a policy not to pay the ransom.

On average, a cyber attack could cost a business £4,200. For medium and large businesses, the average cost is £19,400. It is highly likely that these numbers might be an underestimate due to the lack of a framework for reporting the financial impacts of cyber attacks.

The study also found that organisations with more robust cybersecurity are more likely to identify cyberattacks, suggesting that less cyber-mature organisations may be underreporting attacks. However, only a small percentage of businesses review the risks their immediate suppliers provide.

Besides these threats, cloud-related threats have also become worrying to business leaders. PwC’s annual Digital Trust Insights survey revealed that cloud-related threats are the top cybersecurity concern for 39 percent of UK senior executives in 2023. 

Meanwhile, 33 percent of executives expect attacks against cloud management interfaces to increase. The other 20 percent expect attacks on the Industrial Internet of Things (IIoT) and operational technology (OT) to grow in the next 12 months.

Mitigating digital threats

Considering these threats, it is high time business owners pay more attention to safeguarding their assets. 

Last March, the UK’s cyber security experts invited business leaders to learn about new resources to mitigate cyber risks. The new tools and guide are part of the Cyber Security Board Toolkit from the National Cyber Security Centre (NCSC). It is designed to help senior leaders have essential discussions about cyber security with their technical experts and key stakeholders.

The updated toolkit includes new content to help business leaders understand the benefits of cyber security, essential activities, and indicators of success. It also features bite-sized videos, an executive summary, and a podcast with industry experts.

Apart from employing the toolkit, business executives and leaders need to implement extra security measures. Some are identity verification, sensitive data encryption, and secure networks and devices. 

Employees and customers are essential partners in cybersecurity, so businesses should train them to identify and avoid cyber threats, such as phishing scams, malware attacks, and social engineering. 

Training should help everyone in an organisation understand their responsibility in data protection. Additional training for employees on handling customer data appropriately and reporting suspected security incidents is also essential.

If a security incident does occur, a business should already have an incident response plan ready. The plan should mention responsible key personnel to establish communication protocols. It should also be regularly tested and updated to minimise the impact of cybersecurity incidents and maintain customer trust.

Digital risk management (DRM) software and strategies can also help organisations identify and prioritise digital threats. These tools can find and fix vulnerabilities before attackers exploit them. 

When combined with human analysts who can triage alerts, DRM can help organisations save time and resources and improve their overall cybersecurity posture.

Keep in mind that cybersecurity should be a continuous journey. By constantly monitoring and testing systems and networks, businesses can minimise the risk of cyber threats. Over time, taking steps to improve their security posture can help identify potential security gaps before they become a problem.