Breaches Set to Grow in 2018 but Security Investments Stall

Written by

More than half (53%) of UK executives think data breach attempts will grow next year but less than half will increase cybersecurity investments, according to Ovum.

The analyst was commissioned by analytics company FICO to better understand the level of preparedness of UK and US organizations to deal with online threats.

Unfortunately, the UK was found wanting, with 41% of respondents claiming to have a tested data breach response plan, compared to 52% in the US.

However, the UK fared better on having things like monitoring, scoring and reporting services in place (63%), and board-level reporting (71%).

Over half (58%) of UK cybersecurity leaders said breaches had risen in the past 12 months and most expected a rise next year, with respondents from telecoms firms (75%) particularly braced for more attacks.

One standout industry that is planning to increase investment appears to be financial services, where 67% of respondents claimed they’d step-up cybersecurity funding.

“A data breach can be a make-or-break moment for a company,” said Andrew Kellett, principal analyst for IT security and research author at Ovum.

“Your speed of response and your ability to maintain your customers’ trust determines the extent of both financial and reputational loss. If you haven’t tested your response plan, you are putting your firm at greater risk.”

The long roll call of UK firms caught out in data breach incidents already this year, from Wonga to Debenhams Flowers, highlights the need for organizations to invest in incident response plans.

Having a comprehensive organization-wide plan in place can limit the damage following a breach by catching an attack as early on in the kill chain as possible, and communicating with customers in a transparent and timely manner so they're less inclined to boycott the organization.

Investment is even more important in this area given the EU GDPR is now a year away, and will mandate the notification of any breaches within 72 hours to the ICO.

What’s hot on Infosecurity Magazine?