UK FIRMS DOUBLE CYBER SECURITY SPENDING BUT MANY STILL STRUGGLE TO DETECT ATTACKS
UK organisations have more than doubled their cyber security spending over the last year, but many still lack proper visibility.
According to research by PwC, spending by UK firms has increased from an average of £3 million in 2015 to £6.2 million in 2016, far exceeding the global average of £3.9 million.
However, 18 per cent still do not know how many cyber attacks they experienced last year, and 17 per cent of those surveyed do not know the likely source of incidents.
This will be of concern to businesses, as the average cost of a security incident has also shot up, from £1.7 million last year to £2.6 million this year.
“We’re beginning to see a shift in thinking,” said Richard Horne, UK cyber security partner at PwC. “Organisations have come to realise that they can’t view cyber security as just a cost or barrier to change given the many high-profile incidents we’ve seen recently.
“Getting security right is not only essential to the day-to-day running of a business, but can even be a competitive advantage, help to drive business growth and build brand trust.”
UK boards are not as involved in security budgeting as their global counterparts. Only a third of UK firms’ security budgets are set by their boards, compared to 39 per cent worldwide.
And only 28 per cent of UK boards are involved in strategy, compared to 43 per cent globally. “Cyber security is far more than just building security controls – it’s about changing your organisation to be securable,” Horne said.
“That requires all aspects of a business to be engaged, to make tough decisions at board level, and embed consideration of cyber security risk in all decision-making processes.
“It’s not just about having more budget to buy more technology to patch cyber security holes. UK organisations need to take a more strategic approach to how they spend their increased budgets to start to see a real uptick in security posture.”
There was plenty in the report to trouble businesses, with the number of security incidents UK firms face increasing 23 per cent in the last year to 5,792. The biggest cause of cyber security breaches – making up 37 per cent of the total – was phishing incidents.
Despite 79 per cent of UK businesses suffering downtime because of security incidents, the number taking out cyber insurance has actually dropped from 59 per cent to 38 per cent in the last year, compared to the global figure of 53 per cent.