Almost ten per cent of UK businesses are unaware if they have suffered a data breach in the past 12 months, while almost a quarter have not detected any security breaches in the past year.
According to the latest Global State of Information Security report by PwC, which interviewed 9,805 executives from more than 154 countries, 69 per cent of companies experienced a security incident in the UK in the past 12 months, while the number of reported security incidents around the world rose 48 per cent to 42.8 million, the equivalent of 117,339 attacks per day in 2013.
Over 22 per cent of the UK companies surveyed say they did not detect any security incidents in the past year.
Scott Gordon, CMO of Forescout, told IT Security Guru that this reflected statistics it released in the summer, but it found that 90 per cent of businesses had experienced a security incident. “The fact that it relates and the fact that they do not know makes sense as if you are not monitoring and cannot see it, you don’t know that there is an issue as you have no control of your estate, and the ramifications for remediation and forensics will have a significant cost,” he said.
More than half (55 per cent) of UK companies say they plan to spend more on security this year, compared with 42 per cent last year, while a further 33 per cent of companies report their spending will stay the same. The rest either plan to cut back on spend or don’t know what they will do.
Gordon said that ignorance is no longer bliss, as not being attacked is no longer the new normal, but the ability to contain and remediate is essential. “You need to align your physical and legal attributes, PR, forensic investigators and it is about bringing the whole business together and having a data breach plan, and being more reactive. This is how Target dealt with better than Home Depot,” he said.
Leadership was cited by 30 per cent of respondents as the biggest obstacle to improving the overall effectiveness of the security function. Over a quarter of respondents (29 per cent) do not think there is a senior executive who proactively communicates the importance of information security, up from last year.
Richard Horne, cyber security partner at PwC, said: “Cyber threats continue to evolve and no organisation can stand still. Businesses in all sectors need to prepare and refine their defences – and respond to breaches – against incredibly sophisticated attacks. This is a risk that can be managed, but it requires continual focus, leadership and commitment – not just to prevent breaches but also to detect and respond to incidents rapidly when they happen.”
Cyber insurance is one area where companies can look to protect themselves from theft or misuse of data. Over half of UK companies have cyber insurance, but another 17 per cent did not know whether they had any cyber insurance policies in place.
Ira Scharf, chief strategy officer at BitSight Technologies, said: “I’m not surprised by the statistic. Cyber insurance is one of the fastest growing segments of the insurance industry. Companies are looking to protect themselves in the wake of the rising trend of high profile cyber breaches, and cyber security has become one of the most important topics among corporate executives and at the corporate board level.
“Executives are looking for a clearer understanding of how secure they are from a cyber security perspective, and whether or not they have adequate cyber insurance protection in the event of a high profile breach.”