The number one threat to businesses in 2022, according to Forbes, is data breaches. The rate at which cyber criminals are targeting businesses globally has grown exponentially in the last three years, and it is still climbing. While hackers have become even more creative with their attacks, Information Commissioner, John Edwards, points out that “the biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within”. How, then, can businesses best use their budgets to protect themselves from cyber threats and improve their IT security?
The cost of data breaches
The cost of data breaches for businesses can be far-reaching. Depending on the type of data involved, the consequences for businesses can include destruction or corruption of databases, the leaking of confidential information, the theft of intellectual property and possible compensation for those affected.
There is also a risk to a company’s reputation if negligence has led to a data breach, making customers and suppliers wary of handing over sensitive information.
In the UK, companies can also be fined up to 5% of annual earnings by the ICO. As an example, in 2021, construction firm, Interserve, was fined £4.4m over a ransomware incident that saw data of 113,000 employees stolen. The company was found to have ignored crucial security measures, including adequate patching and staff training.
Efficient cyber security budgeting is key
While it may seem that a greater IT security budget is needed by companies in order to be able to effectively fight back against these increased threats, in reality, more efficient use of budgets is the key. Two areas in particular can significantly improve overall business security – regular IT security auditing and staff training.
IT security audit
An IT security audit is a comprehensive review of an organisation’s security status. The audit includes performing an analysis of a business’s infrastructure, procedures, configurations and policies. Using a specialist firm to conduct your audit can help a business to thoroughly assess whether their existing safeguards are robust enough to meet the challenges of today’s threat landscape.
IT security training
Complacency often grows out of bad habits and this is also true for cyber security in the workplace. The number one reason that data breaches occur is that an organisation’s staff are not following best practice with their day-to-day IT use. Examples include opening email attachments from unknown sources, browsing on external websites, poor IT security on personal computers used away from the office and installing software and plugins on business networks.
Comprehensive and regular IT security training can make all the difference in changing these behaviours and keeping staff aware of, and able to act on, the most current risks and cyber threats.
The cost of complacency and negligence can be dear for a company and while assessing and implementing IT security measures has an outlay, the question business owners need to ask themselves is ‘can I afford not to?’.