Many companies lack cybersecurity network
Nearly half of Bermuda businesses do not have a defined cybersecurity network, Government statistics reveal.
A total of 48 per cent of professionals surveyed in the overview of technology on the island said they did not have defined cybersecurity.
However, the biennial survey conducted by the Bermuda Government last year showed that 66 per cent of businesses have a defined technology security policy, and larger companies with 31 or more employees, leading the way with close to 80 per cent reporting a high level of network security.
But just over 50 per cent of smaller businesses with up to nine staff reported the same level of security.
The survey, titled State of ICT in Bermuda 2016, also showed that 68 per cent of businesses had not increased spending on technology security spending in the previous 12 months.
“Only 18 per cent of respondents indicate that their businesses had a technology security incident in the past 12 months, the most common types of which were ransomware, for example, CryptoLocker and infections by virus or other malicious software,” noted the survey.
But businesses remain worried about the security and privacy of their information, with concerns over cloud computing, used by 70 per cent of respondents, increasing compared to 2014-15.
A total of 73 per cent mentioned security and 77 per cent cited privacy.
The survey added: “When asked if their firm had an internal privacy policy or policies in place to protect personal information, only 46 per cent responded yes, which is very much in line with results from the most frequent survey.”
Four out of five companies said they had their data hosted locally, compared to 73 per cent in 2014-15 and 82 per cent in 2012.
The most popular destination for overseas hosting was the US on 48 per cent, followed by Canada on 29 per cent.
The UK accounted for 10 per cent and Europe for 5 per cent, while Malta, Gibraltar, Hong Kong and Switzerland each accounted for 2 per cent.
Nine out of ten local businesses have a disaster recovery or business continuity plan in place, with larger firms again leading the way on 100 per cent.
The US also leads the way for data back up, both for companies that back up information overseas, at 68 per cent, and those who use the cloud for back up storage on 36 per cent.
Canada and the UK take second and third spots, with European Union countries next.
A total of 18 per cent of firms use other jurisdictions like India, the Channel Islands, Switzerland, or said the information was confidential.
Only 19 per cent of businesses felt the internet in Bermuda was secure, a steep decline from the 39 per cent recorded for 2014-15.
The number of firms who said they did not know if the internet on the island was secure went up to 30 per cent, compared to 11 per cent in the previous survey.
The report said: “Those who do not believe that the internet is secure believe that the internet is not secure anywhere anyway.”
The survey noted that 12 per cent of respondents had experienced a security event that resulted in data loss or a service interruption.
It added: “Of those who have experienced a security event, 27 per cent reported it to their IT services provider, and 18 per cent reported it internally.
“International reporting includes reporting to the executive team, to the board of directors, to senior management or the IT department.
“Noticeably, 32 per cent did not report the incident to anyone.”
Only 4 per cent of cybersecurity incidents were reported to police.
The survey found that 46 per cent of businesses outsourced departments, compared to 38 per cent previously.
But most of the outsourcing was done locally, with finance and accounting, human resources and information technology the most common areas.
Of those surveyed, half said their company IT needs are looked after internally, with 35 per cent contracted out to other island firms, and 10 per cent overseas.
Click on related media for full survey