Alarm over low spend on cyber security as MPs review new Bill

Howard Freeman

Howard Freeman

  • At lunchtime today (Monday 5 September), the UK’s next prime minister will be revealed despite delays to voting by Conservative Party members following a GCHQ alert over cyber hackers
  • On the same day the UK Data Protection and Digital Information Bill comes up for its Second Reading when it is expected to come under close scrutiny by MP’s

Data protection experts at UK-based Fortis DPC are warning businesses to be aware of the threat from cyber hackers, with the voting for the new prime minister one of the most recent targets and losses to businesses as a result of data breaches increasing 46% year on year.

Meanwhile, MPs are today preparing to put the new Data Protection and Digital Information Bill today (5 September) through its second reading a long standing data protection expert warns that not enough is being spent at all levels on data protection.

The increase is having an even greater impact on UK businesses where over 80% are falling victim to successful attacks at a cost to the UK economy £3.1bn between April ’21 and April ’22. 

In turn, this has resulted in fines of £44m by the Information commissioner’s Office (ICO) being collected against businesses of every size.

Of those attacks over 79% were through ransomware and phishing attacks are still on the rise. 

Despite this, the average spend on data protection and IT security is less than 13% of the average IT budget.

Howard Freeman, Founder and Managing Director of Fortis Data Protection Compliance, says: “It’s alarming to think that so little money is made available to protect businesses when the consequences can be so significant. For smaller businesses, over 60% ultimately end up going out of business in the twelve months following a cyber-attack.

“Studies have shown that the average cost of a cyber-attack is £30,000. Why wait to be a statistic!”

Howard warns: “The risk that businesses are running doesn’t stop there because a recent survey revealed that 69% of people surveyed would avoid a company that had suffered a data breach, even if it offered a better deal than their competitors.”

Sadly, 95% of data breaches are caused by human error according to IBM Cyber Security Intelligence Insider report.

A key factor in determining the damage caused by a data breach is how long it takes a company to remediate an incident. Statistics from the government’s National Cyber Force (NCF), launched to tackle the growing problem of cyber-crime, indicate that UK organisations took an average of 181 days to identify the fact that a breach had occurred and a further 75 days to contain the incident.

Howard says: “The clear dilemma for businesses today, especially in the current climate of uncertainty is how do you as a business owner protect yourself, leverage the budget available and have peace of mind that you are doing all that can be done to keep your business and its data safe? “Cyber Essentials Certification can reduce threats by up to 70% and it can be done in a day.

“Everyone in the data protection industry is keen to see what the outcome of the Bill will eventually be,” says Howard. “It may never become law, and we applaud its aims to simplify data compliance, but in reality, it is more likely to result in added complications. The government must consider adequacy to the requirements of the GDPR as required by the EU.


Can we help?