UK organizations are getting better at taking proactive steps to manage risk, but the inside threat and mobile devices combined last year to increase detected incidents by 38%.
These are some of the key findings from the PwC Global State of Information Security Survey 2016 for which the consulting giant interviewed over 10,000 executives in more than 120 countries, including 637 in the UK.
Over 80% of UK organizations suffered service downtime as a result of security problems over the past 12 months, with mobile devices accounting for a third of reported incidents and current or former employees listed as the top source of issues.
The average cost of incidents as a result was £1.7m ($2.6m) over the period—far higher than the $6.3m estimated by HP and the Ponemon Institute in their report yesterday.
A majority (55%) of respondents claimed their boards don’t participate in the overall security strategy, and just one third (36%) of CISOs or equivalent report to the CEO.
Fewer than half (47%) have a security strategy for cloud computing, while just 36% have implemented one for the Internet of Things.
More worrying still, nearly 10% of UK companies don’t know how many attacks they suffered this year and 14% don’t know how they happened.
However, there were also positives to take away from the report.
It claimed a 38% increase in detected information security incidents and a 24% boost in security budgets in 2015—although the UK average budget ($4m) still remains below that of US firms ($5m).
Also of note were a majority of respondents (58%) who now have an information security strategy, and a whopping 91% who have adopted a risk-based cybersecurity framework.
Firms are also preparing for the worst—with 59% investing in cybersecurity insurance, up from 51% last year. Tellingly, 43% of respondents made a claim on their insurance.