· 18% of UK organisations don’t know how many cyber-attacks they suffered last year
· Nearly eight in 10 experienced down-time due to security incidents
· Average number of security incidents faced by UK companies increased by 23% to 5,792
· Incidents now cost an average of £2.6 million, up 53% from last year
· Only 28% of UK boards are involved in setting security strategy
· Current employees continue to be top insider risk but increasingly business partners too
In the week the new National Cyber Security Centre opened in the UK, PwC has published the findings of its latest annual Global State of Information Security Survey 2017, produced in conjunction with CIO and CSO, based on interviews with over 10,000 executives from more than 133 countries, including 479 UK respondents.
With security incidents now costing an organisation an average of £2.6m (up from £1.7m last year, an increase of 53%), executives around the world are waking up to the fact that they can no longer afford to take a passive approach to protecting their assets, leading to the increase in budgets.
Asam Malik, cyber security director at PwC, said:
“We’re beginning to see a shift in thinking. Organisations have come to realise that they can’t view cyber security as just a cost or barrier to change given the many high profile incidents we’ve seen recently. Getting security right is not only essential to the day-to-day running of a business, but can even be a competitive advantage, help to drive business growth and build brand trust.”
Boards in the UK aren’t getting as involved as those in other markets in setting either the security budget or, more importantly, the strategy. Only a third of UK companies (33%) have the board involved in setting security budgets, compared to the 39% global average, and even fewer (28%) have it take part in setting the strategy (42.5% globally).
Not only has the average number of security incidents UK companies face increased by 23% in the last year to 5,792, but the threat landscape is also changing. The top insider risk and source of incidents for UK organisations continues to be current employees, with former employees a close second, but current service providers, consultants or contractors are now increasingly likely to be the cause of a cyber threat to a business too.
It’s also clear that phishing still works to target these groups, with the majority of cyber security breaches reportedly caused by phishing incidents (37%).
Security incidents are now costing organisations more, and 79% of UK companies have suffered down-time because of them. Despite this, this year’s study showed a decrease in the number of UK companies that are investing in cyber insurance. In the previous study, 59% had a cyber insurance policy, but in the last year this has decreased to only 38% of respondents reporting that they have one (and 10% of these don’t even know what it covers), compared to 53% globally.
UK organisations are also more likely than the rest of the world to keep their cards close to their chest and not share security knowledge with others. Only 40% collaborate with others to reduce future risks, compared to over half across Europe (52%) and globally (55%).
Asam Malik concluded:
“Cyber security is not just about having more budget to buy more technology to patch cyber security holes. Organisations in our region need to take a more strategic approach to how they spend their increased budgets to start to see a real improvement in security posture and to better protect themselves.”
“The organisations that get their approach to cyber security right are the ones that will prosper, build trusted brands and sustained value.”
North, PwC United Kingdom
Tel: +44 (0)7841 468175