According to the report Only 17 percent of UK business leaders see cyber security as a major priority, compared to 41 percent in the US – and 52 percent in Brazil, the country most alert to the problem according to new research from BT.
By surveying attitudes to cyber security and levels of preparedness among IT decision makers the research found that just one in five (21 percent) respondents in the UK are able to measure the return on investment (ROI) of their cyber security measures compared to nine in ten (90 percent) US companies. Similarly, 86 percent of US directors and senior decision makers are given IT security training, compared to just 37 percent in the UK.
More than half (58 percent) of IT decision-makers globally stated that their boards underestimate the importance of cyber security. This figure increases to 74 percent in the US but drops to 55 percent in the UK.
The difference in levels of preparedness correlates with attitudes to threats. Non-malicious insider threats (eg accidental loss of data) are currently the most commonly cited security concern globally, being reported as a serious threat by 65 percent of IT decision makers. In the UK this falls to 60 percent and is followed by malicious insider threats (51 percent), hacktivism (37 percent) organised crime (32 percent), nation states (15 percent) and terrorism (12 per cent).
In the US the proportion of IT decision makers who see non-malicious insider threats as a severe threat increases to 85 percent and is followed by malicious insider threats (79 percent), hacktivism (77 percent), organised crime (75 percent), terrorism (72 percent) and nation states (70 percent).
More than half of global IT decision makers believe that hacktivism (54 percent) and malicious insider threats (53 percent) will pose a greater risk over the next 12 months. In the US this increases to 73 percent and 74 percent respectively. This compares to 29 percent and 23 percent in the UK. Globally, terrorism is seen as the threat least likely to pose more risk over the next 12 months.
Mark Hughes, CEO of BT Security, said: “The massive expansion of employee-owned devices, cloud computing and extranets, have multiplied the risk of abuse and attack, leaving organisations exposed to a myriad of internal and external threats – malicious and accidental.
“US businesses should be celebrated for putting cyber security on the front foot. The risks to business are moving too fast for a purely reactive security approach to be successful. Nor should cyber security be seen as an issue for the IT department alone.”
In response to emerging threats, three quarters (75 percent) of IT decision makers globally say they would like to overhaul their infrastructure and design them with security features from the ground up. 74 percent would like to train all staff in cyber security best practice. Similarly, just over half (54 percent) say they would like to engage an external vendor to monitor the system and prevent attacks.