Most UK businesses are confident they are protected from cyber attacks, despite acknowledging that attackers are innovating faster than they are, a study has revealed.
The first cyber security monitor survey by IT consultancy Detica found 94% of large UK businesses believed they are protected from cyber attacks, but 82% agree that cyber criminals are innovating at a faster pace than business security.
The study questionned over 50 private sector companies with turnover of more than £350m. It found that 92% see cyber criminality as a growing menace, with 60% admitting that a successful cyber attack would affect their organisation's competitiveness.
Top of respondents' list of concerns about the consequences of cyber attacks are the loss of customer data (56%) and the reputational damage sustained through the exposure of internal decision making processes (52%).
But, despite a £650m government investment in cyber security and recent high-profile cyber attacks such as the Wikileaks backlash attacks, the study shows the true extent of the cyber threat may be severely underestimated by organisations.
A sizeable 40% of respondents described their organisation's risk of targeted cyber attacks as "very low" or "fairly low". Another 40% rated the risk as "medium", 14% said the risk was "high", and only one rated the risk as "very high".
Top defences listed were firewall (39%), anti-virus and anti-malware (22%), e-mail scan and web filtering (17%), but none mentioned behavioural anomaly detection systems.
In addition, many firms remained unconcerned about the direct commercial risks of a cyber attack. Only 18% said theft of IP and other commercially sensitive data such as pricing, bid information and strategic plans was a concern.
Henry Harrison, technical director for Detica, said it was surprising that the vast majority of respondents believed they were adequately equipped to deal with a direct cyber attack, as the most commonly quoted forms of IT security in the survey - firewalls and anti-virus software - leave many organisations vulnerable.
Companies increasingly need to go beyond the firewall to guarantee the integrity of their commercial and customer data, he said.
"This threat isn't simply going to go away, and cyber risk should be addressed around the Board table - it isn't just the preserve of governments and the military," said Harrison.
|Other key findings|
|Companies view their employees almost as likely to mount a cyber attack on their IT systems as professional fraudsters or criminal groups|
|30% thought their business was at risk of being hacked by state sponsored spies|
|52% believe the UK government should do more to help business combat cyber crime, with 34% wanting greater investment in law enforcement|
|50% said there was a strong business case for improving their cyber defences|
|69% of organisations outsource all or part of their IT security|