According to a recent study of employers by leading professional services firm PwC, UK business are still not taking cyber security as seriously as they should be.
This article from the CIPD highlights how leadership teams are becoming more aware of the issue but there’s still a long way to go.
HR data at risk as attacks become more likely with increasing use of the cloud
UK businesses are not taking cyber security as seriously as they should be, a study of employers by professional services firm PwC has found.
Detected breaches in workplace security systems has increased by 38 per cent in the past year, according to The Global State of Information Security Survey 2016, conducted in partnership with CIOmagazine and CSO.
But although the problem of cyber attacks is increasing, nearly 10 per cent of UK respondents said they didn’t know how many attacks they had been subjected to, and 14 per cent did not know how they had happened.
As more workplaces and individuals switch to cloud-based working and use the internet of things – the ability to access the internet from phones and ‘smart’ objects – the subsequent increase in inter-connectedness has created new opportunities for hackers to break into previously secure systems.
More than two-thirds (69 per cent) of survey respondents said they used a cloud-based security service, and 36 per cent of UK survey respondents said they have a security strategy to specifically deal with the internet of things.
Cyber attacks via mobile phones are becoming more common, with 36 per cent of respondents reporting these incidences, up from less than a quarter (24 per cent) in 2014.
This issue has attracted the attention of leadership teams, with 45 per cent of respondents saying their board members are involved with the company’s cyber security strategy. A similar proportion (41 per cent) said their board helped set security policies, compared with 36 per cent in 2014.
A cyber security incident now costs £1.7 million on average. A third (33 per cent) of those surveyed reported having employee records compromised following a breach.
“The first thing is to recognise that that is a risk, that the HR department actually owns valuable data and so for them to be engaged with how that data is stored and protected and where it goes and consider the processes within the business that manages that data,” said Richard Horne, cyber security partner at PwC.
Staff that are currently employed are the leading source of breaches, closely followed by former employees, the research showed.
Commenting on the PwC report, Dave Palmer, director of technology at cyber security company Darktrace, said: “Technology has made working habits more flexible, thanks to remote working tools and mobile devices, bigger networks and cloud systems. From a cyber security perspective, this means that attackers have more places to hide, while at the same time, HR professionals have a harder time detecting high-risk employees. Increasingly HR teams are embracing new technologies that give them better oversight of how employees are interacting with company data and which alert them to unusual behaviours in real time.”
Horne added: “The whole area of cyber security actually has huge implications for HR. There’s a huge need for a HR to change some of the ways they think in many organisations.”
PwC surveyed10,040 executives online from across 127 countries, including 637 in the UK.