UK organisations are concerned about their abilities to keep pace with the persistent rise of new cyber security challenges. This follows new data from business continuity and disaster recovery provider, Databarracks, revealing only 56 per cent of UK firms believe they have sufficient cyber security skills in-house to deal with threats against their business.
The findings were taken from Databarracks' annual Data Health Check survey. Now in its 10th year, the survey questions over 400 IT decision makers in the UK on a series of critical issues relating to their IT, security and business continuity practices. Focusing specifically on cyber security, key findings include:
- In 2016, 59 per cent of respondents stated they had invested in safeguards to help fight against cyber threats in the last 12 months. In 2018, this figure is now 67 per cent.
- The types of safeguards organisations have invested in to protect against cyber threats have changed dramatically in recent years. In 2016, only 12 per cent of organisations confirmed they had updated their cyber security policy in the past 12 months. In 2018 that figure is 26 per cent. Similarly, cyber threat monitoring software is now used in 28 per cent of businesses compared to only 13 per cent of businesses in 2016.
- The employment of a Chief Security Information Officer, jumped from 1 per cent in 2016 to 14 per cent in 2018.
Peter Groucutt, managing director of Databarracks commented: "Investment in cyber security safeguards, should translate to improved confidence but the findings show it is yet to make a significant difference.
"We are in the midst of a rapidly accelerating arms race. Organisations are desperately trying to match criminals, by working hard to improve knowledge, training and investment in security defences, but are clearly concerned about keeping pace. Importantly, organisations shouldn't become disheartened. While confidence levels are not where we hoped, businesses are making positive strides and acting on the front-foot to fight back, which makes us optimistic for the future."
Groucutt continues: "Critically, it is not just about hiring a CISO, or introducing a new cyber security policy or investing in new threat monitoring software – it's about all of these activities and a fundamental culture change for most organisations. Cyber threats are evolving at such a pace organisations cannot stand still. In previous years, organisations have failed to match these threats with action and investment. Today, businesses are fighting back and shoring up defences, as our data shows."
The research further revealed 69 per cent of organisations had reviewed their cyber security policies within the last 12 months. In 2015, only 54 per cent had reviewed their policies. Budgets are also increasing. 36 per cent of organisations had seen their IT security budget increase in the last 12 months, compared to 24 per cent in 2016.
Groucutt concludes: "Over time, as organisations see this increased proactivity and investment lead to better security, we're hopeful confidence will also improve."