February 3, 2016, updated 04 Sep 2016 10:36pm

UK firms under cyber attack threat due to lack of cyber resilience

News: Lack of planning and leadership limiting firms’ cyber resilience, study finds.

By Charlotte Henry

Over two thirds of UK organisations are not sufficiently cyber resilient, new research has revealed.

The Ponemon Institute has found that 71% of UK organisations rate their cyber resilience as low, which reveals that the majority of organisations in the country are not sufficiently prepared to handle cyber attacks.

Just 29% of organisations said that they had a high level of cyber resilience, while just 36% said they were confident in their ability to recover from a cyberattack.

One of the major reasons why the level of cyber resilience amongst firms is so low is a lack of planning and preparedness. 61% said that insufficient planning was the greatest barrier to cyber resilience.

76% said that an incident response plan is the most important governance practice, but 43% of organisations are not prepared to respond to a cyber security incident. 39% have an "ad hoc" CSIRP, or do not apply it across the organisation.

Other key issues identified as barriers to cyber resilience were insufficient awareness, analysis, and assessment, which was cited by 55%, and complexity of business processes, which was cited by 51%.

Accountability within organisations was another key issue exposed in the survey. 14% said nobody within their organisation had overall responsibility for making it resilient to cyber attacks. 19% said it was the responsibility of the CIO, and 17% said it was down to the business unit leader.

The lack of leadership and responsibility also means that collaboration within organisations is poor. Just 15% of respondents said collaboration was excellent, whereas 32% said it was poor or non-existent.

65% of the respondents said that they did not have the right staffing and funding levels to achieve a high level of cyber resilience, with an average of 23% of the IT security budget being allocated to it amongst the firms surveyed.

This could be because company leadership do not see the issue as important. 56% said that the leaders in their organisations do not recognise that cyber resilience affects enterprise risk and brand image.

The privacy and security organisation surveyed 450 IT and security executives for its Learning to Thrive against Threats report, which was authored by the firm’s founder Larry Ponemon.

"Despite the growing importance of cyber resilience, the research shows serious issues that need to be addressed if UK organisations are to survive the next wave of cyberattacks," said Larry Ponemon. "Until cyber resilience becomes a coordinated, organisation-wide effort and the necessary technology and processes are put in place, organisations will remain vulnerable," he said.

The issue of cyber resilience has become an increasing priority in recent times. Chairman of the influential Commons Treasury select committee Andrew Tyrie has published letters to the bosses of some of the country’s top banks urging them to make their IT systems more resilient.
