Cyber threats have increased rapidly over the past few years, becoming one of the biggest threats to our economy. With numerous highly publicised breaches in the form of Ashley Madison, Sony and Yahoo, organisations are now more aware of cyber threats than ever before, and rightly so. However, many are still not taking the threat seriously enough and are failing to put a strategy in place to effectively combat cyber threats.
The costs attached to cybercrime are staggering. In order to fully protect your organisation, a substantial investment is needed. PWC’s ‘Economic Crime Survey 2016’ singled out the UK as a hotbed for economic crime, and found that the threat of cyber offences was now a “board-level issue”. In the last year alone, cyber crime in the UK reached an astounding 5.8m cyber attacks, costing the British public an estimated £286 million through breaches that could have been prevented.
This October was cyber security awareness month. As a result, QA, the UK’s leading IT training company, conducted research to benchmark the status of cyber security within UK PLC. They surveyed over 300 cyber and C-Suite professionals across all industries. Here, Bill Walker, CTO of QA, discusses the results of the research:
How many organisations have suffered a cyber security breach in the last 12 months and how did that impact their organisations?
37% of organisations that we surveyed admitted that they had suffered a cyber-attack within the last 12 months, but in reality, we expect that this is a much higher number.
Of those who recognised that they have been attacked – the impact on their organisation was significant – both positively and negatively. Positively in that the attack provoked the organisations to change their policies and procedures to allow them to deal with the attack better next time (17%). The negative effects were – loss of revenue, negative PR, and data loss.
Do organisations feel that they have the right balance of skills to protect against a cyber threat in the future?
57% of the respondents felt that they did not have the right balance of skills to protect themselves. But in terms of their main investment into developing skills from within their organisation – employee awareness was the most predominant area of investment for them.
25% of respondents said that they were going to invest in employee awareness and training over the next 12 months, compared to 22% for upskilling their current security teams, and 18% cross skilling their IT teams.
It’s universally known that employees can pose the biggest threat to organisations in terms of their lack of knowledge with cyber security, and therefore become easy targets, so these stats are not surprising.
We advise organisations to never stop investment into cyber security prevention; non-technical employees, and particularly those who handle sensitive data, should be constantly reminded of the newest forms of cyber-attacks, and therefore the investment of time to keep awareness up should be integral to the safety and security of your organisation.
Are organisations struggling to recruit suitable cyber security professionals?
Of the organisations who said that they have unfilled security roles there is a clear skills gap – 64% said that they have been unfilled for three months or over. This is quite astonishing and shows that these organisations could be in a vulnerable state as they are failing to fill the roles quickly enough.
Do you think that organisations are making an adequate investment into cybersecurity professionals’ salaries?
41% of respondents reported that wages have not changed over the past 12 months, but 43% said that they had increased. 18% of respondents had seen a 5-10% increase in wages over the past 12 months and 8% saw an increase over 10%. This shows that the market is adjusting to the demand vs supply issues, by increasing the wages, to ensure that they retain and attract the right kind of talent.
How is the status of cyber security viewed by different industries?
We surveyed a cross-section of all industries and 56% of the respondents said that they feel the status of the cyber threat landscape is “much worse” in recent years. This is not surprising and I would have imagined that it would be higher than this given the complexity of the digital landscape and the unknown territory of the IoT.
Is the UK government seen to be doing enough to tackle cyber threats affecting individuals and organisations?
It was re-announced this week by the government's Chancellor, Philip Hammond, that the government will be investing £1.9 billion into cyber security defences. Our research that was conducted in October showed that 50% of organisations disagree or strongly disagree that the government is doing enough to tackle cyber threats that affect organisations and individuals.
You can view the Government’s website to see what they are doing to support organisations with cybersecurity. It is very clear from this investment, which is on top of 650m in 2013, that the government wants to ensure that the UK is a safe place to conduct digital business.
So, what help do organisations need from government and industry?
Organisations are telling us that they would like some support from government to include more education and awareness of threat (41%), to implement technical defence solutions (37%), more affordable solutions (13%) and more intelligence around the threat (9%).
In terms of industry support – organisations say that they need financial aid, tech improvements, enforcement and legislation.