lolloj - Fotolia

UK firms neglecting cyber security, say 74% of IT managers

Most UK firms lack the time and resources to ensure adequate cyber security and data protection, according to a survey of IT managers

UK businesses are failing to protect themselves against the threat of cyber attacks and data breaches because of a lack of IT resource, according to research by business service provider Office Depot

A survey of 500 IT managers at large UK enterprises revealed that 74% do not think their company is doing enough to ensure cyber security and data protection, and 81% said they would benefit from having more time and resources to address these risks.

On average, IT managers said more than one-third of their time is consumed by dealing with low-level hardware and software issues, such as fixing printing equipment, document recovery and troubleshooting, which means insufficient time is devoted to more complex tasks, such as data security.

Allocation of these low-level tasks to senior IT professionals costs businesses a total of more than £4.2bn a year, which Office Depot said could be spent on addressing core business risks if resource were better managed.

“Empowering senior IT staff to address the complex challenges posed by cyber security threats and legislation surrounding data protection must be a priority for businesses,” said Rob Jones, head of managed print services at Office Depot.

“Delegating and outsourcing low-level tasks such as management of a firm’s printing function or hardware maintenance is essential to free up time for skilled IT staff to address these risks.”

Intelligent outsourcing and procurement had numerous benefits, said Jones. “Time is money, and technology specialists should be encouraged to complete higher-value tasks.

“For business leaders, the financial benefits of outsourcing and the potentially catastrophic consequences of a cyber attack or data breach must act as a call to action to devote greater resource to information security.”

Read more about information security skills

As well as the financial benefits of better resource management, removing low-level tasks from senior IT professionals’ job descriptions is also likely to increase job satisfaction and, in turn, increase staff retention, said Jones.

“With cyber security hot on the agenda, the role of the IT professional has become stretched,” he said. “Investing in a team and infrastructure to address evolving technology needs now will pay dividends in the long run.”

For many businesses, outsourcing is a key part of addressing the shortage of cyber security skills, but most governments recognise that in the longer term, the focus needs to be on filling the skills gap.

But information security is not just the responsibility of government, according to Adrian Davis, managing director for Europe, Middle East and Africa at information security education, certification and professional development organisation (ISC)2.

“Information security is about people, society, business and the economy, which is why skills in these areas are also relevant, not just technical skills,” he told Computer Weekly. “And the more people who are cyber aware and can take in the basics, the easier it will be for the experts to deal with the tough stuff.”

Informed discussions

Only when organisations see cyber risks in the same terms as all other business risks will they be able to have informed discussions about the kinds of people and skills they need to ensure the security of the organisation’s data, Davis said in an interview at the (ISC)2 Emea Congress 2016 in Dublin.

The UK government is investing in various initiatives to boost cyber security skills as part of its National Cyber Security Strategy and this is being complemented by various private sector initiatives.

On 24 November, not-for-profit group Qufaro announced a plan to open the UK’s first National College of Cyber Security at the Bletchley Park site by 2018 to nurture the country’s cyber talent.

Qufaro comprises experts from Cyber Security Challenge UK, the National Museum of Computing, the Institute of Information Security Professionals, BT Security and Raytheon.

The organisation is concerned about a lack of co-ordination in training cyber security experts and feels that existing initiatives alone cannot close the skills gap.

In July this year, a study commissioned by business internet service provider (ISP) Beaming revealed that cyber security incidents cost UK firms £34.1bn in the previous 12 months, with managing malware costing £7.5bn and data theft incidents costing £6.2bn.

Read more on Hackers and cybercrime prevention