Cyber-attacks pose the number one threat for UK businesses, according to a new survey released by an audit firm. Under cyber-attack, EY’s 16th annual Global Information Security Survey 2013 tracks the level of awareness and action by companies in response to cyber threats and canvasses the opinion of over 1,900 senior executives globally. Pictured: a piece of street graffiti in Brighton.
In the UK, 66 per cent of respondents report the number of security incidents within their organisation has increased by at least 5pc over the last 12 months. Many have realised the extent and depth of the threat posed to them; resulting in information security now being ‘owned’ at the highest level within 62pc of the organisations surveyed.
Mark Brown, Information Security Director at EY says: “This year’s results show that while businesses are faced with a rising number of security breaches, budget constraints and talent shortages mean that they fail to put in place those systems that match their needs.
“As a result, for UK businesses, this is no longer an issue of whether they will be attacked – the reality is that organisations need to now focus their efforts on determining when the attack took place and identifying that they fell victim to the cyber threat in the first place.”
With just a quarter of respondents planning to increase their budget by 5% or more in the next 12 months, enabling them to channel more resources toward innovating solutions that can protect them, 69pc of information security professionals continue to feel that their budgets are insufficient and cite them as their number one challenge to operating at the levels the business expects. Although information security is focusing on the right priorities, in many instances, the function doesn’t have the skilled resources or executive awareness and support needed to address them.
In particular, the gap is widening between supply and demand, creating a sellers’ market, with 66pc of respondents citing a lack of skilled resources as a barrier to value creation. Similarly, 28pc of participants indicated a lack of executive awareness or support as an issue.
Mark adds: “A lack of skilled talent is a global issue. It is particularly acute in the UK, where Government and companies are fiercely competing to recruit the brightest talent to their teams from a very small pool. As a result, while organisations feel they are addressing the right priorities, many indicate that they do not have the skilled resources to support their needs.”
Mark concludes: “Organisations must undertake more proactive thinking, with tone-from-the-top support. Greater emphasis on improving employee awareness, increasing budgets and devoting more resources to innovating security solutions is needed. The pace of technology evolution will only accelerate – as will the cyber risks and by not considering risks until they arise gives cyber attackers the advantage, jeopardizing an organisation’s survival.”
For further information and to download the 2013 report, visit www.ey.com/GISS
