Computer Weekly writes a lot about cyber security – it’s easily the most popular topic among our readers, and always rates as one of the top priorities in our annual survey of IT professionals. None of that will come as a surprise.
But some weeks certain stories come together to bring an insight into the challenges facing organisations in this area.
A global survey published this week showed two-thirds of 1,300 senior executives interviewed ranked cyber security among their organisations’ top five risk management priorities – approximately double the response to a similar question in 2016.
However, only 19% of respondents said they are highly confident in their organisation’s ability to mitigate and respond to a cyber event, while only 30% said they have developed a plan to respond to attacks.
Consider those findings against a separate survey that showed the cost of cyber crime is now up to 0.8% of the global economy, or $600bn a year – up from 0.7% in 2014, an average rise of 11.3% a year. Note also that Europe suffers the highest economic impact of cyber crime, estimated at 0.84% of regional GDP, compared with 0.78% in North America.
Business executives clearly recognise the importance of cyber security – and are feeling it financially – but have neither the confidence nor the plans to tackle the problem.
Look also to the public sector, where a survey of 500 people in the UK found that 49% were “wary” of sharing their information on public sector websites.
Meanwhile, an investigation by privacy campaigners Big Brother Watch showed that local authorities are being hit by an average of 19.5 million cyber attacks a year. That equates to 37 attacks or attempted breaches every minute on councils that are accumulating growing amounts of sensitive and personal information about citizens.
The report revealed an “overwhelming failure” by councils to report losses and breaches of data, as well as shortcomings in staff training. Over the last five years, 114 councils suffered at least one breach and 25 had a loss of data, but more than half of those incidents went unreported.
Can you blame citizens for being worried about how their personal data is being handled?
Add one further survey to the mix – 70% of organisations said they need cyber security skills, but only 43% said they already had such skills in place.
It’s reassuring to see the growing awareness of IT security risks – among executives and the public. But the gap between understanding and capability is not shrinking in response – in many cases, it’s growing.
Organisations need to turn awareness into action, otherwise the cost of cyber attacks will become a recurring and accepted cost of simply doing business – and it’s the privacy of our personal data that will suffer as a result.