One in three business leaders expect cyber security breaches in next 12 months
More than a third of C-suite executives believe cyber security breaches at their organisations are likely to happen over the next 12 months, according to a report.
A survey by CGI, combined with research from the Centre for Economics and Business Research, showed that 38 per cent of those in the telecoms, utilities, financial services and retail sectors think they will suffer an incident over the next year.
These businesses estimate that if their most valuable data was lost or corrupted the average total cost over a one-year period would amount to £1.2 million. 30 per cent of boardrooms in these sectors still view cyber security as an IT issue, and just 35 per cent say their boards have high levels of personal security expertise.
Worryingly, this drops to 23 per cent for non-executive directors, the report said. While 81 per cent of firms have increased cyber security scrutiny following recent breaches, 48 per cent say it only appears on boardroom agendas “every few months”.
38 per cent say responsibility for cyber security lies with their CEOs, while 31 per cent look to their CIOs and only three per cent empower a specialist CISO.
With a lack of in-house knowledge, boards in these sectors rely on external cyber expertise for 15 per cent of their requirements on average, while 68 per cent say they plan to spend more on external consultants over the next few years.
But fewer than half of UK boards are confident in the IT security advice they receive today.
“UK boardrooms are struggling to get a handle on the cyber security issue,” said CGI’s UK head of cyber security Andrew Rogoyski.
“Boards know it is a risk but are uncertain in their approach, often failing to prioritise spend on cyber security. Unless more is done to improve understanding and governance at the highest level we can expect to see more high-profile breaches.”
Earlier this month, a report from Dell showed that although nearly three quarters of decision makers agree data security is a priority for their executives, one in four of them do not find their C-suite to be adequately informed about data security issues.