Security breaches don't lead to a change in IT policy

Cyber attack

A survey conducted by training company QA, reveals that eight out of ten (81 percent) UK IT decision makers experienced some sort of data or cyber security breach in their organization in 2015. Sixty-six percent said that the breach had led to a loss of data, 45 percent said that it had resulted in a loss of revenue, and 42 percent said that it had resulted in a PR nightmare for the business.

Despite this, however, less than a third (27 percent) plan to invest in cyber security technologies next year. It would also appear that not all organizations have learnt from their experience, with less than half (43 percent) of IT decision makers saying that the breach had not resulted in a change of policy and procedure.


Perhaps it’s not surprising that 40 percent said they didn’t feel confident they had the right balance of cyber security skills in their organization to protect it from threats in 2016.

The Biggest Threats to Corporate Security in 2016

  • Organized/automated cyber-attack (54 percent)
  • Compromise through employees e.g. social engineering (11 percent)
  • Lack of encrypted data (10 percent)
  • Employee negligence e.g. lost laptops or other mobile devices (eight percent)
  • Not having or enforcing security policies and procedures (six percent)
  • Human error is the second largest concern (19 percent) for IT decision makers, with both "compromise through employees" and "employee negligence" both featuring in the top five threats.

When asked about key areas for investment to protect the organization from cyber threats in 2016, over two thirds (70 percent) of IT decision makers said they plan to invest in hiring qualified cyber security professionals in the coming year. Seventy-eight percent said that they also expected budgets for hiring to increase next year. However, hiring isn’t a quick and easy solution.

Over eight out of ten (84 percent) respondents said that it took on average up to three months to fill a cyber security skilled role on their team. To help address this, 45 percent say they plan to invest in further training for existing cyber security staff and 34 percent of IT decision makers said they planned to cross-skill/train other IT staff in cyber security specialism.

When asked which organizations they would go to for advice on increasing capabilities around cyber security, the findings show respondents would predominantly turn to the IT sector. An overwhelming 92 percent said they would turn to their IT/technology services partner and almost half (45 percent) would seek advice from IT vendors.

Top 10 places for advice on increasing capabilities around cyber security:

  • IT/technology services partner (92 percent)
  • IT vendors (45 percent)
  • Security consultant/consultancy (25 percent)
  • Government bodies (20 percent)
  • Training organizations (17 percent)
  • The Information Commissioner (ICO) (16 percent)
  • Accrediting body (14 percent)
  • Peers (14 percent)
  • Trade & Industry associations (14 percent)
  • Colleagues (nine percent)

A large majority of high profile breaches, comprise a mix of technological know-how and human error.

Published under license from, a Net Communities Ltd Publication. All rights reserved.

Photo Credit: ra2studio/Shutterstock

One Response to Security breaches don't lead to a change in IT policy

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.