Out-Law / Your Daily Need-To-Know

UK trails in big business cyber-security awareness rankings

Out-Law News | 12 Feb 2014 | 11:26 am | 2 min. read

Fewer than a fifth of UK business leaders view cyber security as a "major priority", according to new research undertaken by BT.

The telecoms giant commissioned a survey of 500 IT decision makers in medium or large organisations in finance, pharmaceutical, retail and government sectors and based across seven different countries.

The findings revealed that whilst 41% of US respondents believe the chief executive of their organisation prioritise cyber security, just 17% of UK counterparts thought likewise of their chief executives' attitude towards the issue.

More than half of business leaders in Brazil (52%) view protection against cyber attacks as an "absolute priority", compared with 34% in Singapore, 23% in France, 22% in Hong Kong and 19% in Germany, according to the study.

On average across the seven countries, 58% of the IT decision makers believe that the importance of cyber security is being underestimated in their organisations' boardroom.

An overhaul of existing IT infrastructure is on the wish list of 75% of survey respondents. They said they would like to "design them with security features from the ground up". A similar number of IT decision makers (74%) said they want to train all staff in their organisation in "cyber security best practice", and 54% said they wanted to outsource system monitoring services to external suppliers so as to "prevent attacks".

The study also revealed a contrast in attitudes between US and UK-based IT decision makers towards specific types of cyber security threats faced by organisations. According to BT, 85% of IT decision makers in the US view the risk of "non-malicious insider threats" materialising as "severe", compared to 60% of their UK equivalents. The accidental loss of data by a staff member is one example of a 'non-malicious insider threat'.

In addition, 79% of US IT decision makers view malicious insider threats, such as intentional leaks of information, as posing a severe risk, compared with 51% of UK IT decision makers.

The UK respondents were also generally less concerned than those from the US about the threat of 'hacktivism' - politically motivated hacking, organised crime, terrorism and attacks from nation states, according to BT's research.

On average, more than half of IT decision makers across all seven countries surveyed said they think the risk of hacktivism and malicious insider threats is likely to grow over the next year, however in the UK fewer than a third and a quarter of respondents respectively held this view.

"The massive expansion of employee-owned devices, cloud computing and extranets, have multiplied the risk of abuse and attack, leaving organisations exposed to a myriad of internal and external threats – malicious and accidental," Mark Hughes, chief executive of BT Security, said. "US businesses should be celebrated for putting cyber security on the front foot. The risks to business are moving too fast for a purely reactive security approach to be successful. Nor should cyber security be seen as an issue for the IT department alone."