By Daniel Hunter
UK businesses have increased the amount they are spending on protecting themselves from cyber attacks and are putting in place better protection from risks to their cyber security. But their adversaries continue to outperform them, according to the Global State of Information Security Survey by PwC.
The survey interviewed 9,600 executives from 115 countries, including over 420 from the UK, across all industries, on the challenges they face in protecting their businesses and their most valuable assets from cyber attack.
According to the survey, the number of security incidents detected in the UK in the past 12 months increased by 69%, compared to a global increase of just 25%. UK companies are taking cyber security more seriously, becoming skilled at identifying where their vulnerabilities are and putting in place the necessary processes and policies to mitigate the threat.
By prioritising cyber security as a national threat, the UK has made significant advancements ahead of its European counterparts. The number of companies which have adopted an overall information security strategy has increased by 17.5%. Whilst almost 64% of security professionals in the UK report directly to the board or CEO, only 54% of European organisations do the same.
However, worryingly, over 16% of UK businesses do not know how many security incidents they have had in the last year. Also, 24% see the top level of leadership as the biggest obstacle to improving the overall effectiveness of the security function. Nearly a quarter do not think there is a senior executive who proactively communicates the importance of information security.
UK respondents say the top three obstacles to improving security are: insufficient capital funding, a lack of leadership from the CEO or Board, and a lack of vision on how future business needs will impact security.
“As cyber threats evolve, it is critical that organisations rethink their security strategy so that it is integrated with business needs and strategies and is prioritised by top executives,” Grant Waterfall, cyber security partner at PwC, said.
“Collaboration with others to improve security has become a key way to gain knowledge of dynamic threats and vulnerabilities.”
Globally, the survey reports that smart phones, tablets, the “bring your own device” (BYOD) trend, and the increased use of cloud computing have elevated security risks. However, efforts to implement mobile security programmes do not show significant gains over last year and continue to trail the increasing use of mobile devices. While 47% of respondents use cloud computing (and among those who do, 59% say security has improved), only 18% include provisions for cloud in their security policy.
The survey found that while most respondents have implemented traditional security safeguards (such as virtual private networks, firewalls, encryption of desktop PCs), they are less likely to have deployed tools that monitor data and networks to provide real-time intelligence about today’s risks.
Insiders, particularly current or former employees, are cited as a source of security incidents by most respondents. And while many believe nation-states cause the most threats, only 4% of respondents cited them, whereas 28% pinpoint hackers (those who gain unauthorised access to a computer or network to steal information or cause harm) as a source of outsider security incidents.