Over half (54%) of organisations lack the knowledge and intelligence needed to protect against today’s sophisticated cyber-attacks, according to research by Symantec and Deloitte.
With six in ten IT decision makers lacking complete confidence in their company’s cyber security policies, organisations in the UK are underestimating the risk of cyber threats.
As many as six in 10 IT decision makers do not believe their business has suffered a cyber attack, despite Symantec’s 2014 Internet Security Threat Report suggesting otherwise.
Furthermore, nearly half (49%) of the survey respondents in the UK fail to treat corporate IP, customer, employee and financial information as completely confidential.
Simple procedures, such as installing security software are not considered a necessity by nearly half (49%) of organisations, and only a third (34%) of organisations see regular training of employees as a necessity.
This could leave businesses wide open to the consequences associated with an attack, including loss of revenue, intellectual property and damage to its external reputation.
Over a third of survey respondents have suffered cyber-attack false alarms, and with implications including a loss of connection to IT systems (84%) and a loss of data (74%), it is clear this has an impact on businesses.
Results showed that 80% of these organisations noticed a drop in production levels and 72% saw a drop in revenue until the system was turned back on.
“Symantec’s Global Intelligence Network has identified a 91% increase in targeted attacks and a 62% increase in data breaches in 2013 over the previous years,” says Sian John, chief security strategist, EMEA at Symantec. “Cybercriminals have stepped up their game in the past year, yet businesses have not.
“This latest survey demonstrates there is still a huge gap in security intelligence and understanding by IT managers on how to combat malware and cyber-attacks. Senior management need to be more engaged and develop a strategic security approach to prevent the organisation from being exposed with a potential for significant loss.”
In the UK, IT decision makers stated less than half of employees in their company know how important information protection is. Despite this, 55% of IT decision makers rely on external influences, such as legislative changes, to drive information security policy decisions.
This reactive approach could create a ‘tick box’ attitude to cyber threats, leaving the organisation more vulnerable to attack if policies are not carefully coordinated and regularly updated across each business unit within the organisation.
With cyber attacks on the increase, 80% of IT managers stated that third-party cyber solutions are cost effective and can address the lack of knowledge and expertise with the most up-to-date technologies.
“The threat from sophisticated cyber threats continues to increase, along with the repercussions of a breach,” said said Andy Ng, director and information protection lead of cyber risk services at Deloitte. “It is essential that organisations become proactive and resilient in protecting their business.”