According to the Global State of Information Security Survey from PricewaterhouseCoopers, UK businesses have increased the amount they are spending on protecting themselves from cyber-attacks and are putting in place better protection from risks to their cybersecurity. According to the survey, the number of security incidents detected in the UK in the past 12 months increased by 69%, compared to a global increase of just 25%.
A majority (81%) of UK companies have also adopted an overall information security strategy often involving executive-level oversight, which is a 17.5% increase in the number of companies that have done so in the past year. That’s ahead of European counterparts: only 54% of European security professionals report directly to the board or CEO.
Bottom line, the results show that UK companies are taking cybersecurity more seriously, becoming skilled at identifying where their vulnerabilities are and putting in place the necessary processes and policies to mitigate the threat. As ever though, there’s a caveat: their adversaries continue to outperform them.
Worryingly, 16% of UK businesses do not know how many security incidents they have had in the last year. Also, 24% see the top level of leadership as the biggest obstacle to improving the overall effectiveness of the security function. A full 64% of UK security professionals report directly to the board or CEO, but nearly a quarter do not think there is a senior executive who proactively communicates the importance of information security.
UK respondents say the top three obstacles to improving security are: insufficient capital funding, a lack of leadership from the CEO or board, and a lack of vision on how future business needs will impact security.
The survey also found that there’s work to do in terms of beefing up defenses. Globally, the survey reports that smartphones, tablets, the bring-your-own-device (BYOD) trend and the increased use of cloud computing have elevated security risks – none of which are new or surprising findings. However, efforts to implement mobile security programs do not show significant gains over last year and continue to trail the increasing use of mobile devices. While 47% of respondents use cloud computing – and among those who do, 59% say security has improved – only 18% include provisions for cloud in their security policy.
The survey also found that while most respondents have implemented traditional security safeguards (such as virtual private networks, firewalls and encryption of desktop PCs), they are less likely to have deployed tools that monitor data and networks to provide real-time intelligence about today’s risks.
Insiders, particularly current or former employees, are cited as a source of security incidents by most respondents. And while many believe nation-states cause the most threats, only 4% of respondents cited them, whereas 28% pinpoint hackers as a source of outsider security incidents.
“As cyber threats evolve, it is critical that organizations rethink their security strategy so that it is integrated with business needs and strategies and is prioritized by top executives,” said Grant Waterfall, cyber security partner at PwC, in an emailed statement. “Collaboration with others to improve security has become a key way to gain knowledge of dynamic threats and vulnerabilities.”