IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Is security too low on the business agenda?

Company boards are failing to put enough stress on cybersecurity, consultants warn. This could leave businesses vulnerable

Cyber security Francis Maude

Inside the enterprise: Cybercrime is, unfortunately, a fact of corporate life. The most recent UK government study, carried out for the Department for Business, Innovation and Skills, found the number of security breaches suffered by firms had actually fallen somewhat but the cost of breaches has risen.

The 2014 Information Security Breaches Survey, which was carried out by consulting firm PwC, found that 81 per cent of enterprises suffered a security breach, down from 86 per cent in 2013. Among smaller firms, 60 per cent reported breaches, down from 64 per cent the year before.

But there should be no need for complacency: the researchers found both the "severity and impact" of breaches have increased. The average cost for a breach at a large organisation ranges between 600,000 and 1.15m; for smaller companies the figure was between 65,000 and 115,000. The Government survey also found that companies were increasing their investment in cyber security.

But another, more broadly focused report this time from consulting firm KPMG suggests information security is by no means at the top of the corporate agenda.

The firm's annual Business Instincts Survey, a study of 500 senior executives, found that cyber security ranked third in boardroom priorities, below the need to invest in people skills, and even below plant and machinery purchases.

KPMG found businesses do realise they need to increase spending on cyber security, and that there was evidence of under investment in protection and countermeasures over the last few years. But boards are also being put off investment by what many business leaders see as scaremongering.

"Every day we hear of new cyber attacks and incidents I see a real risk of boardrooms doubting the severity of the issue and the extent of their vulnerability," cautions Martin Tyley, a partner in KPMG's cyber security practice.

He believes that instead of trying to bolt on security after the event, companies will do better to build security into their business processes, and take a positive approach to managing the risk. The threat, he suggests, will not go away.

The accusation of scaremongering is, of course, hard to refute. There will always be company executives who claim that spending on security is unnecessary, just as those who will be tempted to skimp on insurance until their company falls victim to fire or flood.

The challenge is for IT security teams to present the risks in a measured, realistic way, rather than through fear, uncertainty, and doubt.

"The scale and severity of security threats for businesses is increasing every day and as a result, security can no longer be viewed as a segregated backroom' issue," warns Chema Alonso, CEO of Eleven Paths, the information security subsidiary of Telefonica.

"The security of information and systems should be an issue which permeates to the very top levels of a company and rightfully so given the commercial, legal and reputational damage caused by security breaches."

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Why convenience is the biggest threat to your security

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022