Cyber security breaches could prove costly for UK businesses
Most business decision makers in the UK admit that their organisation will suffer from a cyber security breach at some point. They also anticipate that to recover from a data breach would cost upwards of £1.2 million on average for their organisation; the highest figure globally. This is according to a new Risk:Value report from global information security and risk management company, NTT Com Security, which surveyed business decision makers in the UK as well as US, Germany, France, Sweden, Norway and Switzerland.
While nearly half (48%) of UK business decision makers say information security is ‘vital’ to their organisation and just half agree it is ‘good practice’, a fifth admit that poor information security is the ‘single greatest risk’ to the business, ahead of ‘decreasing profits’ (12%), ‘competitors taking market share’ (11%) and on a par with ‘lack of employee skills’ (21%).
Well over half (57%) agree that their organisation will suffer a data breach at some point, while a third disagree and one in ten say they do not know. Respondents estimate that a breach would cost them £1.2m, even before ‘hidden costs’ like reputational damage and brand erosion are taken into consideration, and take on average two months to recover from. They also anticipate a 13% drop in revenue, on average, following a breach.
The survey shows that recent high profile data breaches are starting to hit home. A similar report published by NTT Com Security in 2014 revealed that 10% of an organisation’s IT budget was spent on information security, compared to 11% this year. However, in the latest report around a quarter (23%) of UK businesses reveal more is spent on human resources (HR) than on information security.
In terms of remediation costs following a security breach, nearly a fifth (18%) of a company’s costs would be spent on legal fees, 18% on fines or compliance costs, 17% on compensation to customers, and 11% for third party remediation resources. Other anticipated costs include PR and communications (14%) and compensation paid to suppliers (12%) and to employees (11%).
According to the report, the vast majority of respondents in the UK admit they would suffer both externally and internally if data was stolen, including loss of customer confidence (66%) and damage to reputation (57%), as well as direct financial loss (41%). Over a third of decision makers (34%) expects to resign or expects another senior colleague to resign as a result of a breach.
Stuart Reed, Senior Director of Global Product Marketing at NTT Com Security, comments: “Attitudes to the real impact of security breaches have really started to shift, and this is no surprise given the year we have just had. We’ve seen several major brands reeling from the effects of serious data breaches, and struggling to manage the potential damage, not only to their customers’ data, but also to their reputation. While the majority of people we spoke to expect to suffer a cyber security breach at some point, most fully expect to pay for it as well – whether that’s in terms of third party and other remediation costs, customer confidence, lost business or even possibly their jobs.”
Whose responsibility is it anyway?
· 41% of UK organisations have a disaster recovery plan in place, and 40% have a formal security policy in place. In both cases, almost half are in the process of implementing or designing one.
· When it comes to responsibility for managing the company’s recovery plan, 15% say the CEO now has responsibility, although it still largely falls to the Chief Risk Officer (CRO), Chief Information Office (CIO) or Chief Security Officer (CSO).
· While 77% agree it is ‘vital’ their business is insured for security breaches, only 26% have dedicated cyber security insurance. However, 38% are in the process of getting a policy.
· One in five respondents in the UK say they do not know if their organisation has any type of insurance to cover for the financial impact of data loss or an information security breach.
“It’s encouraging to see that almost all UK businesses now have a disaster recovery and formal information security policy in place, or are planning to implement one soon,” adds Reed. “Clear, concise internal processes and policies for employees and contractors have so often been overlooked and this is what can lead to complacency and poor security hygiene. When we talk to clients, we make it clear that educating staff about security should be a top priority, supported by clear, simple procedures and backed up by a solid incident response plan.”
Siemens: Providing the First Industrial 5G Router
Across a number of industry sectors, there’s a growing need for both local wireless connectivity and remote access to machines and plants. In both of these cases, communication is, more often than not, over a long distance. Public wireless data networks can be used to enable this connectivity, both nationally and internationally, which makes the new 5G network mainframe an absolutely vital element of remote access and remote servicing solutions as we move into the interconnected age.
Siemens Enables 5G IIoT
The eagerly awaited Scalance MUM856-1, Siemens’ very first industrial 5G router, is officially available to organisations. The device has the ability to connect all local industrial applications to the public 5G, 4G (LTE), and 3G (UMTS) mobile wireless networks ─ allowing companies to embrace the long-awaited Industrial Internet of Things (IIoT).
The router can be used to remotely monitor and service plants, machines, as well as control elements and other industrial devices via a public 5G network ─ flexibly and with high data rates. Something that has been in incredibly high demand after being teased by the leading network providers for years.
Scalance MUM856-1 at a Glance
- Scalance MUM856-1 connects local industrial applications to public 5G, 4G, and 3G mobile wireless networks
- The router supports future-oriented applications such as remote access via public 5G networks or the connection of mobile devices such as automated guided vehicles in industry
- A robust version in IP65 housing for use outside the control cabinet
- Prototypes of Siemens 5G infrastructure for private networks already in use at several sites
“To ensure the powerful connection of Ethernet-based subnetworks and automation devices, the Scalance MUM856-1 supports Release 15 of the 5G standard. The device offers high bandwidths of up to 1000 Mbps for the downlink and up to 500 Mbps for the uplink – providing high data rates for data-intensive applications such as the remote implementation of firmware updates. Thanks to IPv6 support, the devices can also be implemented in modern communication networks.
Various security functions are included to monitor data traffic and protect against unauthorised access: for example, an integrated firewall and authentication of communication devices and encryption of data transmission via VPN. If there is no available 5G network, the device switches automatically to 4G or 3G networks. The first release version of the router has an EU radio license; other versions with different licenses are in preparation. With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and autoconfiguration of the devices,” Siemens said.
Preparing for a 5G-oriented Future
Siemens has announced that the new router can also be integrated into private 5G networks. This means that the Scalance MUM856-1 is, essentially, future-proofed when it comes to 5G adaptability; it supports future-oriented applications, including ‘mobile robots in manufacturing, autonomous vehicles in logistics or augmented reality applications for service technicians.’
And, for use on sites where conditions are a little harsher, Siemens has given the router robust IP65 housing ─ it’s “dust tight”, waterproof, and immersion-proofed.
The first release version of the router has an EU radio license; other versions with different licenses are in preparation. “With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and auto-configuration of the devices,” Siemens added.