Six months after the launch of the UK government’s Cyber Security Strategy, 85% of businesses say they expect the number of cyber attacks to increase in the coming years, a survey shows.
Only 6% believe the number of cyber attacks will remain constant and 4% expect it to decrease, according to Detica’s 2012 Cyber Security Monitor.
Those companies that have estimated the likely financial impact of a targeted cyber attack consider it to be substantial, with a third estimating the cost to be more than £50m.
Some 61% of respondents said they think it would take an attack on their company or a competitor for their board to take the risk of cyber attacks more seriously.
There is some evidence of growing uncertainty, with those who say they are very confident dropping markedly, from 34% to 22% since the last survey.
However, there appears little willingness to admit real vulnerability, with 89% of respondents describing themselves as fairly confident (67%) or very confident (22%) that they are well-equipped to prevent targeted attacks, compared with 94% in 2010.
Despite this overall level of confidence, appetite for engagement with the government is strong, suggesting companies believe there is still much to be understood, said Detica.
Just over a quarter of businesses said they are already engaged with government, with a further 49% saying they would be interested in engaging, but have not done so yet.
Those not currently engaged with the government around cyber security said further information (10%) and assurances of the benefits (11%) would encourage greater collaboration.
“2011 has clearly led businesses to re-evaluate the level of cyber threat and impact, but it seems they are slower to recognise their true level of vulnerability," said Henry Harrison, technical director at BAE Systems Detica.
However, he said raised awareness about cyber risk has increased the private sector’s desire for collaboration with the government to formulate responses to this rapidly growing challenge.
"Given the remaining scepticism about the level of vulnerability to the threats businesses face, there is a clear incentive for government to step up its cyber security efforts in this area," said Harrison.
The survey revealed that the increase of high-profile cyber attacks in 2011 has made businesses wary of organised criminal groups and professional fraudsters, with 73% of respondents saying these criminals are the most likely to mount a targeted cyber attack, up from 58% in 2010.
Businesses are less concerned about attacks from their own employees, down to 42% compared with 56% the year before. But 28% felt that state-sponsored spies were likely to mount a targeted attack and, of those concerned about industrial espionage (43%), more than half (56%) are worried about state-sponsored spies.
“We’d urge businesses to remain cautious and to evaluate their defences, rather than waiting until they are attacked before acting," said Harrison.
“We’ve seen a growing number of businesses lock the door after the horse has bolted. We want to ensure that 2011 isn’t the beginning of a decade of our cyber adversaries staying ahead of us. Let’s hope businesses’ confidence in their defences is merited," he said.