UK companies getting better at cyber security

The number of security incidents detected by UK companies in the past 12 months is almost three times higher than the global average.

Monday, 23rd September 2013, by Phil Alsop

UK businesses have increased the amount they are spending on protecting themselves from cyber attacks and are putting in place better protection from risks to their cyber security. But their adversaries continue to outperform them, according to the new Global State of Information Security® Survey, by PwC.

The survey interviewed 9,600 executives from 115 countries - including over 420 from the UK - across all industries, on the challenges they face in protecting their businesses and their most valuable assets from cyber attack.

According to the survey, the number of security incidents detected in the UK in the past 12 months increased by 69%, compared to a global increase of just 25%. UK companies are taking cyber security more seriously, becoming skilled at identifying where their vulnerabilities are and putting in place the necessary processes and policies to mitigate the threat.

By prioritising cyber security as a national threat, the UK has made significant advancements, ahead of its European counterparts, seeing a 17.5% increase in the number of companies which have adopted an overall information security strategy. Whilst almost 64% of security professionals in the UK report directly to the board or CEO, only 54% of European organisations do the same.

However, worryingly, 16% of UK businesses do not know how many security incidents they have had in the last year. Also 24% see the top level of leadership as the biggest obstacle to improving the overall effectiveness of the security function. Nearly a quarter do not think there is a senior executive who proactively communicates the importance of information security.

UK respondents say the top three obstacles to improving security are: insufficient capital funding, a lack of leadership from the CEO or Board, and a lack of vision on how future business needs will impact security.

Grant Waterfall, cyber security partner at PwC, said:

“As cyber threats evolve, it is critical that organisations rethink their security strategy so that it is integrated with business needs and strategies and is prioritised by top executives. Collaboration with others to improve security has become a key way to gain knowledge of dynamic threats and vulnerabilities.”

Globally the survey reports that smart phones, tablets, the “bring your own device” (BYOD) trend, and the increased use of cloud computing have elevated security risks. However, efforts to implement mobile security programmes do not show significant gains over last year and continue to trail the increasing use of mobile devices. While 47% of respondents use cloud computing—and among those who do, 59% say security has improved—only 18% include provisions for cloud in their security policy. The survey found that while most respondents have implemented traditional security safeguards (such as virtual private networks, firewalls and encryption of desktop PCs), they are less likely to have deployed tools that monitor data and networks to provide real-time intelligence about today’s risks.

Insiders, particularly current or former employees, are cited as a source of security incidents by most respondents. And while many believe nation-states cause the most threats, only 4% of respondents cited them, whereas 28% pinpoint hackers (those who gain unauthorised access to a computer or network to steal information or cause harm) as a source of outsider security incidents.