UK businesses rely on traditional defences to ward off cyber attack

Most UK businesses are confident they are protected from cyber attacks, despite acknowledging that attackers are innovating faster than they are, a study has revealed.

Most UK businesses are confident they are protected from cyber attacks, despite acknowledging that attackers are innovating faster than they are, a study has revealed.

The first cyber security monitor survey by IT consultancy Detica found 94% of large UK businesses believed they are protected from cyber attacks, but 82% agree that cyber criminals are innovating at a faster pace than business security.

The study questionned over 50 private sector companies with turnover of more than £350m. It found that 92% see cyber criminality as a growing menace, with 60% admitting that a successful cyber attack would affect their organisation's competitiveness.

Top of respondents' list of concerns about the consequences of cyber attacks are the loss of customer data (56%) and the reputational damage sustained through the exposure of internal decision making processes (52%).

But, despite a £650m government investment in cyber security and recent high-profile cyber attacks such as the Wikileaks backlash attacks, the study shows the true extent of the cyber threat may be severely underestimated by organisations.

A sizeable 40% of respondents described their organisation's risk of targeted cyber attacks as "very low" or "fairly low". Another 40% rated the risk as "medium", 14% said the risk was "high", and only one rated the risk as "very high".

Top defences listed were firewall (39%), anti-virus and anti-malware (22%), e-mail scan and web filtering (17%), but none mentioned behavioural anomaly detection systems.

In addition, many firms remained unconcerned about the direct commercial risks of a cyber attack. Only 18% said theft of IP and other commercially sensitive data such as pricing, bid information and strategic plans was a concern.

Henry Harrison, technical director for Detica, said it was surprising that the vast majority of respondents believed they were adequately equipped to deal with a direct cyber attack, as the most commonly quoted forms of IT security in the survey - firewalls and anti-virus software - leave many organisations vulnerable.

Companies increasingly need to go beyond the firewall to guarantee the integrity of their commercial and customer data, he said.

"This threat isn't simply going to go away, and cyber risk should be addressed around the Board table - it isn't just the preserve of governments and the military," said Harrison.

Other key findings
Companies view their employees almost as likely to mount a cyber attack on their IT systems as professional fraudsters or criminal groups
30% thought their business was at risk of being hacked by state sponsored spies
52% believe the UK government should do more to help business combat cyber crime, with 34% wanting greater investment in law enforcement
50% said there was a strong business case for improving their cyber defences
69% of organisations outsource all or part of their IT security

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.