Across the globe, businesses are racing to implement new technologies, using data to innovate and grow in an increasingly inter-connected world. Organisations face disruption from new market entrants, emerging technology and an ever-changing threat landscape. To compete in the digital world, they must recognise and protect themselves from cyber risks and build resilience to cyber shocks - large-scale events with disruptive consequences.
Our research reveals that organisations still aren’t getting on top of the risks they face from cyber attacks. Many don’t know how many attacks they’ve suffered or how they occurred. Breaching an organisation by targeting its employees is the most common cause of attack. Despite customer and employee records being compromised, many organisations are leaving it to chance. They aren’t preparing for what to do in the event of an attack. And yet there are some effective steps that organisations can take to mitigate their risks, including regular testing of their cyber security defences.
Our Global State of Information Security® Survey is based on interviews with 9,500 business and technology executives from 122 countries, including 560 UK respondents. Explore the UK findings below.
"Forging close working collaborations and sharing intelligence is often the best way to tackle the latest threats. New forms of attack require new ways of working to defend our society."
There's no doubt that the impact across a business from a cyber attack is severe. More than a quarter of businesses (28%) don't know how many cyber attacks they've had and a third don't know how they happened.
Although the average total financial cost of incidents decreased this year to £857,000, the impact of breaches was felt more widely across both business operations and data.
Businesses faced an average of 19 hours of downtime following an attack. Customer records were compromised at one in four organisations.
Despite the impact on a business from an attack, nearly one in five respondents (17%) say their organisation doesn't prepare or drill for cyber attacks.
Less than half (49%) conduct penetration tests to examine their defences. And less than half (44%) have a cyber insurance policy in place to cover the various impacts of breaches.
The majority of UK organisations surveyed (64%) have an overall security strategy in place and 53% agree that spending of their information security budget is based exclusively on risk. However, only 34% have boards actively participating in the strategy, compared to the global average of 44%.
UK organisations are more reluctant than their global peers to join forces with others in the fight to reduce cyber risk.
Only two in five UK respondents (44%) formally collaborate with industry peers to improve security and reduce the potential for future risks, compared with 54% across Europe and 58% globally.
Even within their own organisations, only just over half of UK respondents (53%) have put a cross-organisational team in place - including leaders from finance, legal, risk, human resources and IT/information security functions - which meets regularly to co-ordinate and communicate information security issues.