The survey, ‘Business and the Cyber Threat: The Rise of Digital Criminality’, was published by BAE Systems Applied Intelligence (formerly Detica) and also finds the UK is leading the way globally in awareness of the cyber threat.
It questioned more than 500 strategic and IT decision makers in £350 million turnover-plus companies across the UK, US, Canada and Australia, and found that most UK businesses (57 percent) now regard the cyber threat as one of their top three business risks.
An encouraging 70 percent of UK companies possess crisis plans in the event of a cyber-attack, while 65 percent believe that their board fully appreciates the business risk presented by cyber-attacks, compared to 54 percent globally.
However, the survey paints a gloomy picture of the continuing cyber threat, with nine out of ten British businesses expecting the number of cyber-attacks to increase.
This pessimism is backed by new research from the respected US SANS Institute, which finds 47 percent of respondents assume they've been compromised, and another five percent assume that if they have not already been breached, they eventually will be.
The first-ever SANS Endpoint Security survey, which questioned nearly 1,000 IT security professionals in the US, also reveals that companies are struggling to secure their growing number of endpoint devices.
“The survey results demonstrate clearly that organisations are failing to close the loop between their network and endpoint protections and intelligence,” said Deb Radcliff, executive editor of the SANS Analyst Programme, which produced the report.
Commenting on the BAE survey, Martin Sutherland, managing director of BAE Systems Applied Intelligence, said: “We're starting to see genuine interest from British businesses that realise that the threat of digital criminality is something that affects their whole business and is not just an IT issue.”
But experts are warning against any complacency. Paul Henninger, global product director at BAE Systems Applied Intelligence, told SCMagazineUK.com via email: “The evolving nature of the threat and the constantly changing digital landscape means that we can never afford to be complacent.”
Mike Loginov, chief cyber security strategist at HP Enterprise Security Services, supported this attitude. Commenting on the SANS statistics, he told SCMagazineUK.com: “To hear that some 47 percent of respondents assume they have been compromised – frankly speaking the rest need to wake up to the reality that this is by far the healthier approach to take. There is still much to be concerned about. Best advice in this space is to assume the worst-case scenario, a compromise has occurred, and work from there.”
Henninger added: “In part the UK is better positioned to ensure an adequate level of preparedness as UK institutions have been a target for digital criminals for many years. In response the UK Government, via the Cyber Information Sharing Partnership and the National Fraud Authority, have been proactive in understanding the severity of the threat and in creating awareness across industries targeted by cyber and fraud attacks.
“The increase in spending on security post-Target [attack] seems to be positive, not least because the attack showed that even a well-prepared organisation needs to limit the damage a determined cyber-criminal can do. Organisations must increase spending in order to improve their ability to quickly understand threat intelligence and to use it to spot attacks quickly.”
Henninger said: “Responding to the threat effectively will require businesses to develop holistic threat intelligence management programmes supported by security platforms that not only provide the raw intelligence data but also the ability to process and analyse large amounts of complicated information as quickly and clearly as possible.”
The BAE report can be downloaded here.
The complete SANS survey results will be presented by the SANS Institute on a webcast on March 13. To register visit https://www.sans.org/webcasts/97817.