One in five UK businesses don't prepare for cyber attacks
UK companies are unprepared for potential cyber-attacks against their business, with major shortcomings in many areas of security, new research has said.
A report released today by PwC found that a worrying amount of British firms only have adequate security protection in place, or are unaware of how best to prepare against attacks.
The study, which surveyed 560 senior business and technology executives from the UK as part of a global survey of 9,500, discovered that nearly one in five UK organizations don’t prepare or drill for cyber attacks, meaning they could be easy pickings for criminals.
The lack of preparedness could be the reason why workers themselves are finding themselves under attack, as PwC found targeting employees to breach businesses was responsible for over a quarter of all attacks in 2017 so far -- up from 20 percent last year.
Elsewhere, three in 10 British businesses said they didn't know how many cyber attacks they suffered last year, with a third saying they wouldn't be able to identify the cause of incidents if they were attacked. Only 44 percent of UK companies had cyber insurance policies in place in case of attacks or breaches -- far lower than the 58 percent global average.
Overall, the average UK information security budget last year was £3.9m, however, only 34 percent of companies have boards actively participating in the strategy -- compared to the global average of 44 percent. Perhaps unsurprisingly, only just over half of British businesses said they had a cross-organizational team in place working on cyber security issues.
"Cyber attacks could happen to any organization at any time, so it’s important that all businesses and public sector organizations are getting the basics right and continually testing their approach to prepare themselves in the right way. In that critical moment when an attack hits, the ability to act quickly and effectively is key to minimizing business disruption and reputational harm," said Richard Horne, cyber security partner at PwC.
"Cyber security needs to be viewed as a ‘team sport’ rather than just an issue for the IT team. To be most effective, everyone in an organization should be considering the security implications of their actions. Pulling a business together like that requires strong leadership from the top."
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.