What sectors are investing the most and least in cyber security?The responsibility of cyber security falls on everyones shoulders. But, the charge should be lead from the top. Has your sector fallen behind?
The frequency and severity of cyber attacks and data breaches has risen significantly in the last few years, as attacks increase in volume and variety.
This exponential growth of the cyber threat is confirmed by figures from Business Continuity Institute (BCI), which have revealed that 53% of UK firms now consider a cyber attack as the main threat facing them in the near future.
PwC have also worked out that £857,000 is the average annual cost incurred by UK firms who have fallen victim to cyber attacks and data breaches. Any incidents can therefore have
adverse and disruptive implications.
According to security professionals recently consulted by networking hardware company Cisco, operations (38%) of a firm is likely to be affected the greatest by any potential successful cyber attack. After operations – finances (29%), intellectual property (27%), brand reputation (27%) and customer retention (25%) are most at risk.
Knowing that no firm with serious ambition to perform successfully and achieve favourable results wants to be in a position of having critical functions compromised, SavoyStewart.co.uk analysed findings from Gov.uk to see how much money 811 UK firms from a range of sectors invested in cyber security during the financial year of April 2017 – March 2018.
Darren Best, managing director of SavoyStewart.co.uk commented: “As the scale and sophistication of cyber attacks/breaches intensifies, firms cannot afford to sit back and take the importance of cyber security lightly. As firms now remain reliant on an online ecosystem to conduct business, they must realise their websites and digital communications can be easily targeted and exposed to cyber attacks and breaches. So key decision makers need to put an urgent spotlight on cyber security by placing it high on their agenda. This includes investing a sufficient amount of money to ensure their IT estate has the capabilities to consistently get basic defences right and establishing adequate governance on cyber security for employees to thoroughly follow.”
Is your sector taking cyber security seriously?
The results confirmed that firms in finance and insurance invested the most money on cyber security at a significant average of £17,900 – which is unsurprising . This marked a phenomenal 85% increase from the previous financial year (April 2017 – March 2017), when finance and insurance firms were spending an average of £9,650.
>See also: Cyber security predictions for 2018
Firms in the transport and storage sector invested the second highest amount of money in cyber security at an average of £6,570, a small increase of 9% from the financial year before (£6,040).
The research revealed that firms in the entertainment, service and membership industry invested the least money on cyber security at a mere average of £770. This marked the biggest decrease in cyber security investment from all the considered sectors – an 82% drop from 2016-17, when firms within the sectors were splashing a heftier average of £4,380.
Investing slightly more than the entertainment/service/membership industry, firms in food and hospitality forked out an average of £900 on cyber security. Despite this low sum, food and hospitality firms still managed to achieve the second highest increase in cyber security investment when compared to their average 2016-17 outlay of only £620.
Dr Mike Lloyd, CTO at RedSeal, suggests that this study is illuminating, “but at least one lesson it brings out is the paucity of spending. Given that the worldwide market for defensive security is assessed at around £100 billion, and the size of the offensive cybercrime market is estimated at around £3 trillion, then an average spend in the mid thousands of pounds per company is low by global standards.”
“We are engaged in a kind of economic warfare with cyber criminals. Every company is involved, whether they wish to be or not – so long as you have any kind of online presence, or any digital records about your customers, then you are a target. Being small is no defense – the attackers use automation on a global scale to find any organisation with weak defences. Unfortunately, we cannot solve this by just hiring the right people to take care of it – there is a worldwide shortage of security professionals, and in the next few years it is only going to get worse. We have no choice – we must embrace automation. This is the weapon being used against us, but it can also be deployed defensively. Machine reasoning is able to detect and prioritise defensive gaps far faster and with greater cost effectiveness than expensive and rare security analysts.”