The BBC: Six Things Firms can do to improve their Cyber Security

The growing global list of companies that have suffered major data breaches highlights the critical importance of cyber security. Google and McAfee estimate there are 2,000 cyber-attacks every day around the world, costing the global economy about €420 billion a year.

Yet more than two thirds of firms say they feel inadequately protected against increasingly sophisticated hackers looking to extort money through blackmail or steal data to sell on the black market. So what should businesses do to improve their security?

The BBC recently asked cyber security experts for their views and came up with a list of six key actions businesses should be taking.

#1 - Protect data, not just the perimeter

In today’s digital economy, businesses are increasingly connecting to customers, suppliers, and employees over the internet. While this has clear advantages for the businesses, it creates hundreds of potential entrances to the company's data. Breaches are inevitable, so companies should prioritise protecting the data that matters most.

Industry experts advise a 'breach acceptance' approach, where firms focus on the data they can't afford to lose, building lots of little walls around it (micro-segmentation), making the impact of an attack more manageable.

The challenge lies in knowing which data to prioritise.

#2 - Know your data

The complexity of legacy computer systems and the recent proliferation of digital data from mobile and the internet of things (IoT) are making it hard for many firms to know what data they have stored on their systems. A recent survey by Veritas shows that 59% of the data in UK IT systems is unclassified "dark data".

Industry experts advise businesses to properly assess the risks of losing different types of data, treating that assessment as central to their security strategy. Best practice data protection, such as using multi-factor authentication and data encryption, and securely managing encryption keys, makes stolen data useless.

#3 - Be aware of insider threat

Insider attacks - intentional or unintentional - can be just as difficult to detect and deal with as attacks coming from the outside. According to one expert, it can take up to 70 days to remediate an insider cyber-attack.

Clicking on email attachments thought to be secure is the number one threat. This risk has the potential to significantly undermine investments in security solutions. Hackers are getting better at getting personal information from social media and other sources (social engineering) to convince people emails are from people they know.

Businesses should educate their staff about this risk.

#4 - Increase vigilance

Monitoring systems can go a long way in building a company's security defences. At the very least, firms should make sure network security certificates and antivirus and firewall software are up to date, say experts.

From a technology perspective, investing in monitoring controls to detect when an attack occurs is probably most important. From a non-technical perspective, staff security training can go a long way.

#5 - Getting to grips with mobile

Embrace a zero-trust philosophy.

The advice to companies is to 1) restrict staff access to critical data and systems if they are using their own mobile devices for work purposes, and 2) move to a centrally controlled system that gives IT departments the ability to remotely wipe devices that are lost or stolen.

#6 - Spending more money and time on cybersecurity

As the number one risk for most organisations today, cyber security is everyone's problem, not just the responsibility of IT departments. Cyber security has to be built into all business processes, especially by those companies with sensitive consumer data.

Source: BBC, Six things firms should do to improve cybersecurity www.bbc.com/news/business-34636751
