IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

UK businesses still failing to address cyber security, research claims

PwC study shows that UK firms are still not making enough effort to address security threats

Locks on a screen with one open and in red

Despite the ever-growing threat of cyber attacks, new research has shown that businesses in the UK are failing to effectively prepare themselves for an attack.

A study conducted by PwC showed that almost half of UK organisations lack a dedicated inter-departmental team working on business-wide security issues, and more than 15% do not conduct any cyber security drills or preparations.

On top of this, businesses are still failing to place adequate importance on cyber threat intelligence. Almost a third of respondents admitted that they have no idea how many cyber attacks they suffered in the past year, and one-third said that they had no idea how the attacks they they fell victim to were carried out.

"Cyber attacks could happen to any organisation at any time,"said PwC cyber security partner Richard Horne, "so it's important that all businesses and public sector organisations are getting the basics right and continually testing their approach to prepare themselves in the right way. In that critical moment when an attack hits, the ability to act quickly and effectively is key to minimising business disruption and reputational harm."

For UK companies, the biggest risk comes from their own employees, with more than a quarter of attacks using staff members as an initial attack vector. This is compared to the rest of the world, where compromised mobile devices present the most common threat.

While the average monetary cost of a breach actually fell this year, the study showed that exfiltration of records and information is increasingly the aim of breaches. Compromisation of customer and employee records were reported by more than 20% of businesses, and more than 20% reported the loss or damage of internal records.

Encouragingly, more than 60% of organisations surveyed said that they have an overall security strategy. However, less than 40% said that their boards do not actively participate in their strategy, lagging 10% behind their global counterparts.

"Cyber security needs to be viewed as a 'team sport' rather than just an issue for the IT team,"Horne said. "To be most effective, everyone in an organisation should be considering the security implications of their actions. Pulling a business together like that requires strong leadership from the top."

"Working with others across the public and private sector is key too. Forging close working collaborations and sharing intelligence is often the best way to tackle the latest threats. New forms of attack require new ways of working to defend our society."

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022