'Cyber security – could do better' says survey of Channel Islands businesses
In an age when even the world’s largest tech companies, who live and die by their technical know-how, have had to admit to global breaches of confidential data, more than 2000 enterprises, offering a good representation of the islands’ business profile, were invited to take part in the survey. The results yielded concern and reassurance in roughly equal measure.
The report’s author and senior consultant in information security, David Cartwright, said: “Some of what we learned was pretty much as expected but there were real surprises. On the one hand, only 49% of respondents were certain they hadn’t been hacked in the previous 12 months, with another 26% saying they ‘don’t believe so’ – this could suggest over-confidence, given the difficulties of detecting many cyber attacks, and certainly implies a need for much more security testing, which really ought to be done at least once a year.
“But in contrast, over two-thirds provide information security training at least once a year to all staff, which is reassuring given the expectation by a similar number that a future breach was likely to be due to user error, with many also fearing problems from malware and dodgy file downloads. Only 13% feared malicious user behaviour.
“However, this leaves a fair number of organisations that really aren’t up to speed. 37% have no certification and don’t work to a security standard. 32% say they work to a standard but I’d suggest quite a few could find themselves short if they were actually to test that. And only 8% hold Cyber Essentials certification, despite it being inexpensive, straightforward … and mandatory for most UK government suppliers, with the States of Jersey to follow suit in 2020. Meanwhile, 31% of all respondents have nobody nominated to look after information security and 28% don’t give regular training.
“This means, overall, that a third – perhaps many more – of Channel Islands organisations are potentially more vulnerable than the rest to cyber attack and, frankly, are doing nothing about it.”
Grant Thornton’s head of marketing, David Spring, added: “When we started the survey this summer we didn’t know how well Channel Islands organisations might be faring. The results have shown the exercise to be extremely worthwhile. There is much to chew over and there are clear improvement recommendations for many businesses. Perhaps seeing these results might itself be a catalyst for many of them.”
The full report, Cyber Security Survey – Results, with detailed results, commentary and recommendations, may be downloaded from Grant Thornton at https://www.grantthorntonci.com/en/News-Centre/cyber-security/cyber-survey/
- ends -
Notes for editors
For further information please contact
David Spring, head of marketing
Tel: 01684 592214
Facebook: https://www.facebook.com/GTCI.Recruitment/ http://bit.ly/GTCI-CyberReport
Images for download
Click on any image to view or download in higher resolution.
David Cartwright, report author and senior consultant in information security
Grant Thornton logo (CMYK)
Grant Thornton logo (RGB)