View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 5, 2016updated 25 Oct 2016 1:26pm

Security budgets double but UK business still in the dark when it comes to cyber-attacks

Despite UK businesses doubling spend on security budgets, companies are still in the dark as to how many cyber-attacks are hitting their business.

By Ellie Burns

According to PwC’s  annual Global State of Information Security Survey 2017, UK businesses are spending £6.2m on average (2015: £3m), and over one and a half times more than their global counterparts (average spend £3.9m) on security budgets. Nearly a fifth, however, don’t know how many cyber-attacks they experienced last year and 17% of all respondents don’t know the likely source of breaches and security incidents.

The findings should prove a massive wake-up call to businesses, especially as security incidents now cost organisations an average of £2.6m – up from £1.7m last year. Not only is the cost of security incidents rising, but the volume of attacks are evolving and also increasing in number. Security incidents targeting UK companies increased by 23% in the last year to 5,792, with phishing still the most effective attack method with 37% of breaches blamed on phishing attacks.

Richard Horne, UK cyber security partner at PwC, argues that executives can no longer afford to take a passive approach to protecting their assets, saying:

“We’re beginning to see a shift in thinking. Organisations have come to realise that they can’t view cyber security as just a cost or barrier to change given the many high profile incidents we’ve seen recently.

“Getting security right is not only essential to the day-to-day running of a business, but can even be a competitive advantage, help to drive business growth and build brand trust.”

cyber security - cyber attacks

However, this means that UK boards need to get more involved – a huge task as the report shows that the UK is falling behind other countries when it comes to board engagement. Only a third of UK companies have the board involved in setting security budgets compared to the 39% global average, and even fewer (28%) partake in the strategy (42.5% globally).

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“That requires all aspects of a business to be engaged, to make tough decisions at board level, and embed consideration of cyber security risk in all decision-making processes,” said Mr Horne.

“It’s not just about having more budget to buy more technology to patch cyber security holes. UK organisations need to take a more strategic approach to how they spend their increased budgets to start to see a real uptick in security posture.”

The report also put the spotlight on the apparent lack of cyber insurance take-up, with this year’s study showed a decrease in the number of UK companies who are investing in cyber insurance. In the previous study, 59% had a cyber insurance policy, but in the last year this has decreased to only 38% of respondents reporting to have one, with 10% of these not even knowing what it covers.

UK organisations were also found to be quite reluctant in sharing security information, with only 40% collaborating with others to reduce future risks, compared to over half across Europe (52%) and globally (55%).

“UK companies remain wary about sharing security knowledge, but working with partners within a particular industry can significantly improve threat intelligence awareness and an organisation’s ability to spot potential incidents before they escalate,” said Mr Horne.

“The organisations that get their approach to cyber security right are the ones that will prosper, build trusted brands and sustained value.”

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.