Today, new research has revealed that less than half (41%) of UK organisations believe they have the right security technologies to adequately protect information assets and IT infrastructure. The poll pinpoints an inability to control employees’ use of devices and apps at the centre of current UK cybersecurity concerns.
The global research – commissioned by Citrix and carried out by Ponemon Institute with 445 UK IT decision makers – provides a snapshot of UK organisations’ current security posture as well as the main concerns for IT decision makers tasked with maintaining adequate security across the business.
Outdated security leaves UK businesses vulnerable to threats
The study found that over three quarters (76%) of UK organisations believe some of their existing security solutions are outdated and inadequate while 86% acknowledge that a new IT security framework is needed to improve security posture and reduce risk.
Despite widespread concerns around system vulnerability, just one in three (37%) UK organisations claim their senior leadership views cybersecurity as a strategic priority. Yet leadership buy-in is considered as important by many IT departments: around one third (32%) of UK organisations believe an increase in executive-level support would reduce risk and improve overall organisational security posture.
BYOD and ‘shadow IT’ concerns
The poll also revealed significant worries around the shift to mobile working. Over two thirds (69%) of respondents believe the trend for more employees working outside the office is a risk to IT security infrastructure. Further findings explain why this concern is rife across UK organisations. Just one-third (33%) of UK companies have a secure mobile strategy for bring your own device (BYOD) schemes, whilst six in ten (60%) admit employees or contractors use third-party apps for file sharing or productivity which are not sanctioned by IT. In fact, when considering cloud services and infrastructure, 89% of UK businesses believe they pose a risk to the IT security infrastructure – compared to just 57% of US respondents.
The ‘millennial’ threat
A large proportion of employee-related risk is thought to come from millennials: 71% of IT leaders think that more millennials in the workplace create a greater risk to IT security infrastructure. In fact, almost two thirds (62%) believe 18-34 year olds pose the greatest risk to sensitive and confidential data in the workplace. For two fifths (40%) of respondents, the primary concern around the risks posed by millennials is their use of unapproved apps and devices in the workplace.
Investing in effective cybersecurity
Over half (51%) of UK organisations are expecting their information security budget for 2017 to increase from last year, providing an opportunity to invest in security solutions which can address current fears around shadow IT and outdated infrastructure. Yet, over two thirds (69%) of respondents claim their company has previously made investments in IT security technology which were not successfully deployed. This creates additional pressure for any investments in 2017 to effectively tackle the main threats jeopardising organisational security posture today.
Chris Mayers, chief security architect, Citrix, said:
“These findings raise fresh questions around C-level engagement in the UK when it comes to IT security. Every company should view their data as a key asset today – but our research suggests this is not the case. With UK organisations facing a growing and complex cyber security landscape, our data clearly demonstrates a need to place an onus back on strong cyber hygiene to effectively protect corporate information.
“Employees need technology which enables them to work in a productive manner and, for a large majority of organisations, this means being able to access corporate data and apps from any device and at any time. To combat current concerns around BYOD and shadow IT, businesses must look to invest in robust technology that is secure-by-design in order to protect sensitive business information wherever it is being accessed.”