While breaches at the likes of TalkTalk, Tesco and Yahoo have made the headlines, there are many more that go under the radar, says Amanda Finch, General Manager at the Institute of Information Security Professionals (IISP).

The 2016 Cyber Security Breaches Survey, carried out on behalf of the UK Government, found that 65% of large businesses had suffered a breach in 2015/16, and that 25% of them were experiencing one breach per month. But size is no longer important when it comes to cyber crime, and criminals, hacktivists and state-sponsored groups are turning their attention to SMEs, which in most cases present a softer target.

For example, the last 12 months have seen a rapid rise in attacks on SMEs using ransomware, a fast-spreading type of malware that encrypts computer files, rendering the data unusable. The hackers then simply demand payment in exchange for a key to unlock your files. The criminals also know that if they price it right, most SMEs will simply pay up rather than face the disruption along with financial losses and embarrassment. Companies handling payments are also under greater threat and need to provide better protection and secure personal data against increasingly sophisticated attacks.

CEOs can no longer live under the misconception that they are safe or that no one would want to attack their companies.

One of the things CEOs can do right now is to become certified under Cyber Essentials, a Government scheme designed to help SMEs put in place basic security controls to mitigate the risks from cyber attacks.

The cost of doing nothing is soon going to get more expensive and damaging thanks to the General Data Protection Regulation (GDPR), designed to protect the privacy of consumer data more effectively, which takes effect from May 25th 2018. Penalties can be up to 4% of global turnover, or 20 million euros, whichever is the greater.

While the threats are getting greater, finding people with the right skills to protect businesses is getting tougher. The National Cybersecurity Strategy, published in November 2016, states that, “the UK requires more talented and qualified cybersecurity professionals.”

The Government, academia and industry are now working together to fill the skills gap, underpinned by professional bodies such as the IISP to support education, training and accreditation. As well as attracting new people into the industry from other disciplines, we need to encourage more students and school-age children to explore exciting and lucrative career opportunities in cyber security.

One of the most exciting new initiatives is the plan to establish a new National College of Cybersecurity at the historic code-breaking venue of Bletchley Park in Buckinghamshire.

The UK is still a global leader when it comes to cyber security, and UK companies have access to some of the best talent in the world. The challenge is to keep pace with cyber crime and stay one step ahead of the criminals.