PROSPER MAGAZINE: ISSUE 01 | CYBERSECURITY
CYBER ATTACKS RANKED AS MAIN BUSINESS ISSUE WITH FIRMS STALLING ON CYBERSECURITY
UK ORGANISATIONS ARE FAILING TO MAKE PROGRESS TOWARDS STRONG CYBERSECURITY AND ARE FACING PARALYSIS AS CYBER CRIMINALS BECOME MORE ADVANCED.
This is the conclusion drawn from the findings of the 2019 Risk: Value report – ‘Destination standstill. Are you asleep at the wheel?’ – from NTT Security, the specialised security company and centre of excellence in security for NTT Group.
Examining the attitudes of non-IT decision-makers to risk and the value of security to their business, NTT Security’s report focused on C-level executives and other senior influencers across firms in 20 countries in order to assess their preparedness in this area.
UK respondents demonstrated that they are aware of the risks posed by cyber threats, with over half ranking cyber attacks on their organisation as one of the top three issues that could affect businesses in the next 12 months – second only to potential ‘economic or financial crisis’. While global organisations rank ‘loss of company data’ in third place, in the UK, 44% felt that cyberattacks on critical infrastructure is a far greater threat with vulnerable components of critical national infrastructure, telecoms, energy and electricity networks taking first, second and third place.
Almost all of UK respondents indicated that strong cybersecurity is important to their business over the next 12 months with a high proportion further stating that they believe cybersecurity has a big role to play in society. In addition, strong cybersecurity enabled UK-based businesses to ‘ensure the integrity of their data’ and ‘ensure only the right people have access’ to this data, indicating that it ‘helps protect the brand’.
NTT Security analysed the responses for good and bad practice in cybersecurity with the results pointing to a worrying lack of progress globally over the last two years and almost a third of these demonstrating more poor practice approaches than good ones.
In comparison to other countries, India was cited as the best performing for cybersecurity whilst the performance of France and Germany has worsened over the last 12 months. In terms of sectors; those businesses operating within the financial services, telecommunications, chemicals, pharmaceuticals, oil and gas and healthcare industries across the globe all cast doubts on the resilience of critical national infrastructures.
Commenting on the 2019 findings, Azeem Aleem, VP Consulting from NTT Security, says: “The Risk: Value report is an interesting barometer based on responses from those sitting outside of the IT function – and is often very revealing. What’s clear is that the world around them is changing, and changing fast, with the introduction of new regulations, integration of new technologies and fast-paced digital transformation projects changing the way we work. What’s concerning though is that organisations seem to have come to a standstill in their journey to cybersecurity best practices – and it’s particularly worrying to see UK businesses falling behind in some critical areas like incident response planning.
“Decision makers clearly see security as an enabler; something that can help the business and society in general. But while awareness of cyber risks is high, organisations still lack the ability, or perhaps the will, to manage them effectively. The execution of cybersecurity strategies must improve, or business risk will escalate for the organisations concerned.”
Reasons which pointed to why firms in the UK are lagging behind other countries and failing to take on board best practice included cost factors - a third of British firms indicated that it would be cheaper for them to pay somebody who had hacked into their systems rather than invest in tighter security with a further third feeling that paying a hacker was often more cost beneficial than paying non-compliance fines due to result data regulation breaches.
Similarly, security budgets in this country are failing to keep up with the increasing cyber risk - with the amount of money allocated to the IT operations budget is slightly smaller than they were last year. Whilst UK respondents revealed that 70% had a formal security policy in place (compared to a global average of 58%) this figure was down on the 77% cited in last year’s study and of these; almost half admitted that they believed their employees were actually aware of the policy and its details.
With the report highlighting that time and money spent on recovering from cyber breaches is rising year on year (taking just under 100 days to recover and costing firms over £1 million); these trends should be a wake-up call to businesses in the UK that they should be doing more in their preparation for cybersecurity attacks and ensure that their teams understand more and make this a priority.