Inadequate infrastructure, lack of leadership buy-in and shadow IT fears leave UK businesses exposed to cyber risk, it is claimed. A poll points to an inability to control employees’ use of devices and apps.
Global research – commissioned by Citrix and carried out by the US-based Ponemon Institute – provides a snapshot of UK organisations’ security posture as well as concerns for IT decision makers tasked with maintaining IT security across the business. The study found that over three quarters (76pc) of UK organisations believe some of their existing security solutions are outdated and inadequate while 86pc acknowledge that a new IT security framework is needed to improve security posture and reduce risk.
Despite widespread concerns around system vulnerability, just one in three (37pc) UK organisations claim their senior leadership views cybersecurity as a strategic priority. Yet leadership buy-in is considered as important by many IT departments: around one third (32pc) of UK organisations believe an increase in executive-level support would reduce risk and improve overall organisational security posture.
BYOD and ‘shadow IT’
The poll also found significant worries around the shift to mobile working. Over two thirds (69pc) of respondents believe the trend for more employees working outside the office is a risk to IT security infrastructure. Further findings explain why this concern is rife across UK organisations. Just one-third (33pc) of UK companies have a secure mobile strategy for bring your own device (BYOD) schemes, whilst six in ten (60pc) admit employees or contractors use third-party apps for file sharing or productivity which are not sanctioned by IT. In fact, when considering cloud services and infrastructure, 89pc of UK businesses believe they pose a risk to the IT security infrastructure – compared to 57pc of US respondents.
The ‘millennial’ threat
A large proportion of employee-related risk is thought to come from millennials: 71pc of IT leaders think that more millennials in the workplace create a greater risk to IT security infrastructure. In fact, almost two thirds (62pc) believe 18-34 year olds pose the greatest risk to sensitive and confidential data in the workplace. For two fifths (40pc) of respondents, the primary concern around the risks posed by millennials is their use of unapproved apps and devices in the workplace.
Investing
Over half (51pc) of UK organisations are expecting their information security budget for 2017 to increase from last year, providing an opportunity to invest in security which can address fears around shadow IT and outdated infrastructure. Yet, over two thirds (69pc) of respondents claim their company has previously made investments in IT security which were not successfully deployed. This creates additional pressure for any investments in 2017 to effectively tackle the main threats jeopardising organisational security posture today.
Chris Mayers, chief security architect, Citrix, said: “These findings raise fresh questions around C-level engagement in the UK when it comes to IT security. Every company should view their data as a key asset today – but our research suggests this is not the case. With UK organisations facing a growing and complex cyber security landscape, our data clearly demonstrates a need to place an onus back on strong cyber hygiene to effectively protect corporate information.
“Employees need technology which enables them to work in a productive manner and, for a large majority of organisations, this means being able to access corporate data and apps from any device and at any time. To combat current concerns around BYOD and shadow IT, businesses must look to invest in robust technology that is secure-by-design to protect sensitive business information wherever it is being accessed.”
Methodology
The research, by Ponemon Institute and sponsored by Citrix, looked at global trends in IT security risks and featured more than 4200 IT and IT security practitioners across 15 countries; some 445 IT decision makers were surveyed in the United Kingdom.
