Worldwide BT survey finds UK business leaders far less concerned with cybersecurity than other nations
UK businesses are failing to properly prioritise cybersecurity defences, leaving them at the risk of attack, according to a new study of seven countries by BT, which says the UK lags behind most of the world – especially the US.
In a survey of 500 IT decision makers, BT found that only 17 percent of UK business leaders see cybersecurity as a major priority, compared to 41 percent in the US. These feelings were reflected at executive level, with more than half of UK respondents stating that their boards underestimated the importance of cybersecurity, significantly lower than the across the Atlantic, where the figure was 74 percent.
“The massive expansion of employee-owned devices, cloud computing and extranets, have multiplied the risk of abuse and attack, leaving organisations exposed to a myriad of internal and external threats – malicious and accidental,” Mark Hughes, CEO of BT Security, said of the results. “The risks to business are moving too fast for a purely reactive security approach to be successful. Nor should cyber security be seen as an issue for the IT department alone.”
The most commonly reported security issues worldwide concerned non-malicious insider threats such as the accidental loss of data, which were reported as a serious threat by 65 percent of respondents. In the UK this fell to 60 percent, with malicious insider threats (such as direct hacking), hacktivism, and organised crime also registering highly with subjects.
US respondents saw similar levels of concern regarding these threats, but also regarded both terrorism and the activity of nation states as major risks to their cybersecurity, with attitudes possibly influenced by the ongoing Snowden revelations concerning alleged spying by the NSA.
The recent spate of major cyberattacks against US businesses may have also contributed to changing attitudes towards company security, with recent assaults on the likes of Target and Microsoft making companies sit up and take notice, demanding better protection for their data. The survey found that 90 percent of respondents at US companies are able to measure the return on investment (ROI) of their cyber security measures, compared to just one in five (21 percent) in the UK.
Train me up
There are also signs that companies stateside are looking to proactively prepare their employees against attack, with the survey finding that 86 percent of US directors and senior decision makers are given IT security training, compared to just 37 percent in the UK.
“As the threat landscape continues to evolve, CEOs and board level executives need to invest in cyber security and educate their people in the IT department and beyond,” added Hughes. “The stakes are too high for cyber security to be pushed to the bottom of the pile.”
Looking ahead, hacktivism and malicious insider threats were perceived to pose the greatest risk to businesses worldwide over the next 12 months, highlighted as the biggest concern by 54 percent and 53 percent of total respondents respectively. In the US this increased to 73 percent and 74 percent respectively, but only 29 percent and 23 percent in the UK, once again showing a major difference in attitude between the two nations.
Globally, terrorism was seen as the threat least likely to pose more risk over the next 12 months, with only 38 percent of respondents worldwide seeing it as the most pressing danger.
Do you know about security? Try our quiz!