UK businesses still failing to address cyber security, research claims
PwC study shows that UK firms are still not making enough effort to address security threats
Despite the ever-growing threat of cyber attacks, new research has shown that businesses in the UK are failing to effectively prepare themselves for an attack.
A study conducted by PwC showed that almost half of UK organisations lack a dedicated inter-departmental team working on business-wide security issues, and more than 15% do not conduct any cyber security drills or preparations.
On top of this, businesses are still failing to place adequate importance on cyber threat intelligence. Almost a third of respondents admitted that they have no idea how many cyber attacks they suffered in the past year, and one-third said that they had no idea how the attacks they fell victim to were carried out.
"Cyber attacks could happen to any organisation at any time," said PwC cyber security partner Richard Horne, "so it's important that all businesses and public sector organisations are getting the basics right and continually testing their approach to prepare themselves in the right way. In that critical moment when an attack hits, the ability to act quickly and effectively is key to minimising business disruption and reputational harm."
For UK companies, the biggest risk comes from their own employees, with more than a quarter of attacks using staff members as an initial attack vector. This is compared to the rest of the world, where compromised mobile devices present the most common threat.
While the average monetary cost of a breach actually fell this year, the study showed that exfiltration of records and information is increasingly the aim of breaches. Compromise of customer and employee records was reported by more than 20% of businesses, and more than 20% reported the loss or damage of internal records.
Encouragingly, more than 60% of organisations surveyed said that they have an overall security strategy. However, less than 40% said that their boards do not actively participate in their strategy, lagging 10% behind their global counterparts.
"Cyber security needs to be viewed as a 'team sport' rather than just an issue for the IT team," Horne said. "To be most effective, everyone in an organisation should be considering the security implications of their actions. Pulling a business together like that requires strong leadership from the top."
"Working with others across the public and private sector is key too. Forging close working collaborations and sharing intelligence is often the best way to tackle the latest threats. New forms of attack require new ways of working to defend our society."