Although two in five businesses use a managed IT provider only 13% review the security risks posed by their immediate suppliers.
The National Cyber Security Centre (NCSC) has issued a note declaring it is not aware of any current specific cyber threats to UK organisations in relation to events around Ukraine, but is encouraging organisations to follow simple steps in its guidance to reduce the risk of falling victim to an attack.
Small businesses should adopt the Cyber Essentials scheme to protect against the most common cyber threats such as phishing attacks and use the Small Business Guide to improve cyber security practices.
Larger organisations should use the Board Toolkit to get company executives to act on cyber resilience and charities should follow the Small Charity Guide to boost cyber security operations.
Four out of five senior managers (82%) in UK businesses now see cyber security as a ‘very high’ or ‘fairly high’ priority, up from 77# in 2021. This is a significant increase and the highest figure seen in any year of the cyber security breaches survey.
The report also found four in ten businesses (40%) and almost a third of charities (32%) were using at least one managed service provider but only 13% of businesses reviewed the risks posed by immediate suppliers.
The government is aiming to strengthen critical businesses’ cyber resilience by updating the Network and Information Systems (NIS) Regulations which set out cyber security rules for essential services such as water, energy, transport, healthcare and digital infrastructure.
This will make sure the legislation remains effective and keeps pace with technology. It includes proposals to expand the NIS Regulations to include managed service providers which essential and digital services depend on to operate, to minimise the risk of attacks.
The government is committed to protecting the UK from cyber threats, which is at the centre of its £2.6 billion National Cyber Strategy, by investing in cyber skills, expanding the country’s offensive and defensive cyber capabilities, and prioritising cyber security in the workplace, boardrooms and digital supply chains