UK Firms Fail the Cyber Readiness Test

UK firms are falling behind on cyber readiness, with over a third claiming to have changed nothing despite suffering a security incident in the past year, according to a leading insurer.

The Hiscox Cyber Readiness Report 2017 comprises interviews with 3,000 executives, managers and IT specialists in charge of cybersecurity at businesses of all sizes in the UK, US and Germany.

It found that 57% of them had experienced a cyber-attack in the past year. While the figure was slightly lower in the UK (53.5%), a much larger percentage of firms (36%) said they’d taken no additional action following the incident(s).

The figure was 26% in Germany and just 18% in the US.

UK firms are also most likely to believe that cyber insurance is not relevant for them, with 45% claiming they have no plans to take out a policy.

Over a third (36%) of the firms classed as “cybersecurity novices” under the Hiscox model were UK firms, just behind Germany (39%).

This category accounts for more than half of all firms interviewed, whereas “cybersecurity experts” account for only 30%. The expert category was dominated by US firms, which made up 49% of it.

Experts are said to share similar characteristics: they spend more on security and have more staff; use security metrics more effectively; implement standards; have top-level buy-in; and run awareness training courses.

The report stated:

“With our experience showing that the majority of incidents result from the negligence or activity of insiders, it’s not a surprise that our study reveals that increased investment in cyber awareness training for employees is second only to new security technology. Employee training should be one of the most important elements of a cyber security strategy.”

Rob Norris, head of enterprise and cybersecurity EMEIA at Fujitsu, argued that firms need to integrate threat intelligence into systems to give them essential context on attacks.

“There must also be a clear and well-rehearsed crisis management plan for a breach, addressing internal and external communication,” he added.

“With the new EU GDPR legislation coming into effect next year, it’s vital for organizations to take a proactive approach when it comes to cyber security. Ensuring a compliant business environment, that will help protect the company and its employees, needs to be the number one priority.”