How concerned should Scottish businesses be about cyber security threat?

Amid the ongoing shockwaves of a cyber attack on Scotland’s environmental regulator, and now the Scottish Prison Service targeted by hackers, the much-feared issue of criminals staging online break-ins has found itself very much in the spotlight north of the Border of late.

A UK government study found that 46 per cent of businesses reported a cyber attack in the previous 12 months. Picture: Getty Images/iStockphoto.

The Scottish Environment Protection Agency (Sepa) has seen a wealth of stolen data illegally published, saying “sadly we’re not the first, and won’t be the last national organisation targeted by likely international crime groups”.

Meanwhile, the incident comes as day-to-day life increasingly moves wholesale online on the back of the pandemic, manna from heaven for opportunistic cyber criminals.

Sign up to our daily newsletter

The i newsletter cut through the noise

But looking at Scotland’s private sector specifically, how concerned should firms be and what resources are available to help tackle the issue?

Abertay University says its degree in ethical hacking is growing in importance as co-ordinated cyberattacks are now 'commonplace'. Picture: Stuart McClay.

Scotland is a “pioneer” in cyber, boasting more than 200 cyber security companies, according to a major report from London Tech Week, which highlighted Cyan Forensics (whose technologies help law enforcement and social media companies find and block harmful online content), security services firm Adarma, and IT security testing company 7 Elements as among key players in the market.

Read More

Read More
Cybercrime is a growing threat but preventing it creates a real opportunity for ...

Furthermore, it was announced yesterday that Cyber Scotland Week, which will run virtually from February 22 to 28, will unite key sector players to "help make Scotland a more secure and resilient place to live and work” – and including a session on how to successfully embed cyber security into an organisation’s culture.

In fact those behind the event cite UK Government data finding that 46 per cent of businesses reported a cyber attack in the previous 12 months – and of those, about a third were experiencing these issues at least once a week in 2020, up from 22 per cent in 2017.

Additionally, among the 46 per cent, one in five said it had experienced a material outcome. The average financial cost was estimated to be £3,230, rising to £5,220 for medium and large firms.

Cyber Scotland Week is a partnership between the likes of the Scottish Government, Police Scotland, ScotlandIS, Scottish Enterprise, and the Scottish Business Resilience Centre (SBRC).

The latter aims to “become the catalyst that makes Scotland one of the safest and most resilient places to live, work, and do business, both on and offline”.

The body said last month that Ciaran Martin, the founding chief executive of the National Cyber Security Centre (NCSC) – part of GCHQ – had joined its board to strengthen its strategic cyber relationships across the UK.

Mr Martin has had a key role in bringing about Exercise in a Box – a free online tool that helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment.

And he believes the biggest threat to most businesses is large-scale, transnational, mostly non-Western organised cybercrime, with data and money the most prized swag – but where the Achilles heel lies depends very much on the type of business involved.

“If you have a fairly primitive business in terms of technology, but you've got a dataset of 100 million customers, you need to worry about personal data protection,” he said.

"If you have 50 customers, but you've got a really sensitive piece of research that could change the world, then you need to worry about the research, but not your customer database. It's all about understanding the risk, both of what you care about, and who might want it."

The SBRC has also, along with the Scottish Government and Police Scotland, launched what it billed as the UK’s first cyber incident response helpline, for smaller firms to get support following a cyber attack.

The Linlithgow-based centre also works with Abertay University, training ethical hacking students in the subject while giving them corporate experience presenting workshops and events to businesses across the UK.

The university says it was the first in the world to offer degrees in ethical hacking, and the London Tech Week report observed that more than 70 per cent of Scotland’s universities now offer cyber security courses.


Dr Natalie Coull, who leads the cyber security division at Abertay, said its academics were “early to recognise the value that an offensive approach to cybersecurity can offer” – adding the course is one of the most popular at the university.

“Promoting an investigative, curious and analytical mindset, our academics train students to be able to think like a hacker in order to reveal potential vulnerabilities in systems that might leave them open to attack,” she explained.

Additionally, the division “has grown significantly over the last decade, mirroring the expansion of cybersecurity as a career and an integral element of almost every modern business”, she said.

Abertay was last month recognised as the first Scottish university to achieve the gold level Academic Centre of Excellence in Cyber Security recognition from the NCSC.

"Cybersecurity affects everyone and, as such, we work with a variety of agencies, organisations and businesses from a diverse range of sectors,” Dr Coull said.

"In the coming years our main outlet for business collaboration will be through the £18 million CyberQuarter project.” Dr Coull explained the initiative aimed to attract existing cyber security firms to Dundee, support the creation of new companies, and boost the security and resilience of the Scottish business community.

There do seem to be some positive signs. The UK Government in its survey found an increase in businesses saying that cyber security was a high priority for their senior management boards at 80 per cent, up from 69 per cent in 2016.

With the attack on Sepa seen as proof that no organisation is too big or small for cybercriminals, businesses must make sure they batten down the hatches as much as possible.

Dr Coull said: “We would always urge businesses to invest in cybersecurity and treat a possible attack as a credible threat to their operations.”

A message from the Editor:

Thank you for reading this article. We're more reliant on your support than ever as the shift in consumer habits brought about by coronavirus impacts our advertisers.

If you haven't already, please consider supporting our trusted, fact-checked journalism by taking out a digital subscription.


Want to join the conversation? Please or to comment on this article.