santiago silver - Fotolia
The good news is that more businesses are aware of the risks that are posed by cyber security but there continue to be concerns about the failure to fend off old threats and make sure that policies are made to stick.
Of course all of that spells an opportunity for those in the channel able to step in and fill in the blanks for customers. NTT Com Security has produced its annual risk report and found that the stakes for firms of all sizes have increased as the chances of being attacked have now become inevitable.
To get a good opinion of what is really happening out there NTT Com Security canvassed the opinions of those working in customers outside of the IT department and found that security is not just an issue confined to the techies and thanks to the numerous headlines about breaches more people are understanding the issues.
Stuart Reed, senior director, global product marketing at NTT Com Security, said that it was encouraging to see the attitudes to risk shifting and added that it was little surprise given the number of breaches in the last year.
"There really does seem to have been a mindset change in terms of business decision makers attitude to risk and risk management. This time round when we asked questions around the greatest risks to their organisation, information security came out about the fifth thing on their agenda. It has gone up the ranks because last time we asked it was not in the top ten," he said.
"There is very much a mentality of it's not if but when they will be breached," There is a general expectation from the respondents, two thirds, that said they expected to be breached at some point."
But while that was a positive the slight disappointment for Reed was that a number of the threats that were two to four years old, which suggested that some firms still needed to put the basics in place.
"It shows there is a thought process at work there that they are putting something in should the worst happen. But from our perspective it is very wise to have a response plan in place but we want to be careful about being proactive and keeping the basics in place and being reactive," he said.
"It is encouraging that organisations are implementing or have implemented an IT strategy policy but we need to make sure that the focus is not just on that policy and procedures and the implementation of that and best practice," he added.
NTT Com Security also went slightly further in trying to put a figure to the damage that a breach causes a UK firm. The report concluded that to recover from a breach could cost a business upwards of £1.2m.
That is a figure that should provide the channel with some persuasive ammunition for those looking to get customers to talk about risk management and help give some urgency to the education.
"When we talk to clients, we make it clear that educating staff about security should be a top priority, supported by clear, simple procedures and backed up by a solid incident response plan," said Reed.