Only four per cent of UK businesses are confident that their information security functions fully meet their needs.
According to a survey of 1,900 global senior executives by EY, 66 per cent of respondents said that the number of security incidents within their organisation has increased by at least five per cent over the last 12 months, while 52 per cent of organisations do not have the capability to assess the impact to their information security by emerging technologies.
Mark Brown, information security director at EY, said: “Tthis is no longer an issue of whether they will be attacked – the reality is that organisations need to now focus their efforts on determining when the attack took place and identifying that they fell victim to the cyber threat in the first place.
“A lack of skilled talent is a global issue. It is particularly acute in the UK, where Government and companies are fiercely competing to recruit the brightest talent to their teams from a very small pool. As a result, while organisations feel they are addressing the right priorities, many indicate that they do not have the skilled resources to support their needs.”
The survey also found that 69 per cent of respondents feel that they are too tied by budget constraints, while a lack of skills was blamed by 66 per cent.
Brown said: “Organisations must undertake more proactive thinking, with tone-from-the-top support. Greater emphasis on improving employee awareness, increasing budgets and devoting more resources to innovating security solutions is needed.
“The pace of technology evolution will only accelerate – as will the cyber risks and by not considering risks until they arise gives cyber attackers the advantage, jeopardising an organisation’s survival.”