By Chris Milborrow, Digital Senior Manager (Digital Transformation) at BDO Scotland and Claire Robertson, Head of Digital Risk and Advisory Services at BDO Scotland
CYBERSECURITY is one of the most pressing issues facing businesses in Scotland.
The landscape surrounding cyber is incredibly fast-moving, with an ever-evolving threat backdrop amidst regulatory changes which are forcing businesses to put cyber at the top of their risk list.
In BDO’s 2023 Global Risk Landscape report, a staggering 74% of businesses in the UK reported that cybersecurity was their number one risk priority. This is a stark figure which clearly indicates the significance of the issue.
Worryingly, over half (55%) of businesses said that they are struggling to handle the speed and sophistication of attacks – and the scale of said attacks speaks clearly to the importance of getting ahead of the game.
Across the UK, the Government reported that 32% of businesses had experienced a breach or attack in the last year – a figure which was markedly higher for medium businesses (59%) and large businesses (69%), as well as high-income charities with more than £500,000 annual income (56%).
When the regularity of cyber-attacks is shown so clearly, it’s no surprise that so many businesses have cybersecurity at the top of their risk agenda.
Cybersecurity and business continuity
Cyber remains so high on businesses’ risk registers because of its potentially catastrophic impact on business continuity. A cyber-attack can render a business helpless in a few short hours, so being on the front foot in terms of monitoring for penetration and acting swiftly can make all the difference.
Businesses over a certain size should be employing a Chief Information Security Officer (CISO) as well as their usual IT teams. A well-skilled CISO will guide your business through the steps towards cyber preparedness and then actively work to monitor attempts and deploy rapid defences in the event of a breach.
Cyber breaches are a serious business. Data breaches cost an average of £3.2m, while operational technology breaches – where your systems are taken out of action – can cost significantly more.
The CISO skills gap
The 2023 DSIT report into the cyber workforce found that 50% of UK workforces have a basic cyber security skills gap and 43% have a complementary skills gap (within their cyber team). At a more senior level, the skills gap presents issues including escalation and board advisory communication – it’s vital that a CISO is adequately skilled in educating the board about the state of play and putting forward a case for his or her approach.
Cyber skills gaps are well documented and impact businesses of all sizes and sectors. Scottish businesses can look at outsourcing elements of this to help mitigate the gap – for example, BDO Scotland works with a number of businesses to help them augment their IT teams and communicate cyber risk levels to leadership, to improve decision making.
BDO is hosting a webinar on the topic of cybersecurity and the risk to businesses on Wednesday 27 September. You can register for attendance here.