Sapsiwai - Fotolia

Financial loss still not a priority for UK IT decision makers

UK chief information officers are more concerned with the loss of sensitive data in the face of increased cyber threats than financial loss, a survey has revealed

Despite the high cost of data breaches, financial loss is still not a priority for IT decision makers in the UK, a survey has revealed.

The average cost of the worst breaches at large UK organisations is between £1.4m and £3.14m, according to the government’s 2015 information security breaches survey conducted by PwC.

But UK CIOs are more concerned with the loss of sensitive data in the face of increased cyber threats, according to a poll of 150 IT decision makers commissioned by Fujitsu.

The research also revealed how IT decision makers are not prioritising how they manage their budgets and that security teams are made up of eight to 10 people, representing a huge investment in people to protect the business from threats.

In addition, the research revealed that 86% of IT decision makers rated security as the most important to their business, and yet more than half of those polled spend less than a quarter of their IT budget on security.

“Any organisation, whatever the size or line of business, could be the next target of an advanced attack; so it is of utmost important for organisations to invest in the right security for their organisation,” said Andy Herrington, head of cyber professional services at Fujitsu.

“By not making security decisions based on the technology required, businesses are making themselves vulnerable,” he said.

According to Herrington, looking at each phase of the cyber kill chain is one way organisations can put themselves in a better position against attackers.

The kill chain model analyses cyber attacks in seven key stages to find ways to detect and disrupt each stage.

Mike Smart, European security strategist at Proofpoint, notes that cyber criminals typically run profit-driven operations that seek a high return on their investments.

“These threat actors combine lower up-front and maintenance costs with higher effectiveness through social engineering and recycling older approaches to create a ‘killer app’,” he said.

“It has never been more important for organisations to prioritise their budgets to ensure enough resources surround the weakest parts of the business, including people, process and technology.”

Read more about risk

According to PwC’s Global state of information security survey 2016 published in October 2015, UK companies are not yet on top of cyber security incidents or their causes.

The study revealed that nearly 10% of UK companies do not know how many cyber security attacks they had in the past year and 14% do not know how they happened.

However, the survey showed that organisations around the world are starting to act and think seriously about cyber security, that there is an increase in awareness of the risk and opportunities, and that more boards are becoming more actively engaged in cyber security preparedness, but are often not involved in critical initiatives – such as security strategy, budget and review of risks.

The PwC survey also revealed there is a growing trend towards more strategic collaboration and response, greater information sharing, greater understanding and visibility of risks, and that there is a steady increase in the number of organisations that embrace external collaboration. According to PwC, these trends need to continue and grow to counter the annual increase in the frequency, severity and impact of cyber attacks.

Read more on IT risk management