Digital risk tool

CERT-LatestNews Security News ThreatsCybercrime Uncategorized

UK business leaders identify far fewer risks affecting their businesses, compared to Germany and France, according to research from the Gowling WLG Digital Risk Calculator. This new free tool allows small and medium size businesses to better understand their digital risks and compare these to other businesses and industries.

Research informing the Gowling WLG Digital Risk Calculator was gathered from 999 large SMEs in the UK, France and Germany. Findings revealed an overly optimistic picture among UK business leaders, with UK respondents identifying far fewer digital risks as a threat to their business; when compared to the views of their European counterparts. UK respondents consistently identified between 2 and 25pc less than non-UK respondents for each risk area analysed.

Helen Davenport, director at Gowling WLG, a law firm, said: “The recent wide ranging external cyber-attacks such as the Wannacry and Petya hacks reinforce the real and immediate threat of cyber-crime to all organisations and businesses. However, there tends to be an “it won’t happen to me” attitude among business leaders, who on one hand anticipate external cyber-attacks will increase over the next three years, but on the other fail to identify such areas of risk as a concern for them. This is likely preventing them from preparing suitably for digital threats that they may face.”

Respondents said that external cyber risks (69pc) are thought to be the most concerning category of digital threat for businesses across all countries surveyed. This risk is anticipated to grow even further, with 51pc of respondents believing that it will increase within the next three years. Other digital risks of concern to participants include customer security (57pc), identity theft / cloning (47pc) and rogue employees (42pc). More than a third of respondents (40pc) also believe that the lack of sufficient technical and business knowledge amongst employees is a risk to their business. Also, one third (32pc) of UK businesses feel that digital risks related to regulatory issues have increased during the past three years. However, less than a third (29pc) believe that regulatory issues are a risk to their business.

Data protection

Risks related to highly sensitive/valuable data are the second most prominent risk to businesses (55pc), according to respondents. However, when asked about the GDPR, which represents the most significant change to data protection legislation in the last 20 years, only one seventh (14pc) of UK businesses were aware of the fines they may face for failing to protect their data. In comparison, 26pc of respondents from Germany and 45pc from France were aware of the maximum fine, placing UK business leaders at the back of the pack when it comes to understanding the risks posed by failure to comply with the GDPR.

Despite the identification of data risks, only 52pc of UK businesses do regular data back-ups, compared to 66pc in Germany and 67pc in France. Moreover, only 32pc of UK businesses and 39pc of businesses in Germany open to using off-site storage for sensitive data today, compared to 50pc of French businesses.

Legal support

Given the changing nature of the digital world, the majority of business leaders (70pc) involve IT support in their digital risk management. However, in comparison the number that say they involve legal support drops to an average across the surveyed nations of 31pc (46pc UK, 23pc Germany and 23pc France, respectively). When asked about how prepared they feel for their digital risks, only 16pc of all respondents stated that they are fully prepared.

Patrick Arben, partner at Gowling WLG, says: “When affected by a cyber-attack or any other digital threat, the immediate focus is to work with IT professionals to understand what has happened. However, it is always worth taking internal or external legal advice, before commencing an investigation and as circumstances change. The essence for all business leaders is to stop ignoring the digital risks their companies face. By doing this, they can easily and proactively work to prevent future attacks from happening.”