UK organisations may be up to 40 percent more likely to be subjected to cyber-attack than their European counterparts according to new research.
The research carried out in August by Trend Micro and Quocirca found that while UK companies are more at risk from cyber-attack, they are also better prepared to deal with those attacks and data is less likely to be stolen.
Of the 500 high-level IT experts interviewed, 64 percent believed that targeted cyber-attacks have increased in the past year with UK organisations reporting an average of nearly nine attacks in the past year.
Dominic Trott, a senior analyst at the London office of Pierre Audoin Consultants (PAC), an independent European research and consulting firm dealing with IT services, offered some insight into the phenomenon: "The UK ‘suffers' due to English being the national language. After all, English remains the language of global business, making it easier for a broader range of threat actors to attack UK organisations. As a demonstration, Trend Micro's quarterly threat report published in August 2015 shows that over three-quarters of all spam it detected was written in English.”
Since cyber-attacks on UK organizations rose sharply in 2013, a majority believes this will only get worse with time. But while no-one believes this will get any better and over half of both UK and European organisations fear that attacks may have greater and greater impacts on them, UK businesses are increasingly better prepared to deal with this growing threat.
When UK businesses have been targeted, the cost is far less to them than it is to their European counterparts. The average cost to UK business is £172,000 pounds compared to the £243,000 for all of Europe. The research states that “although the UK is an attractive target for cyber-criminals, this finding indicates that UK organisations are better prepared for targeted attacks than other European businesses.”
Part of this is the UK organisations' focus on breach response plans. While only 38 percent of European firms said that they felt a breach response plan was important, over half of UK firms did. According to the research “this seems to be instrumental in keeping down the overall cost of breaches in the UK”.
Dominic Trott, of PAC, added to this: “In an environment where security breaches are increasingly becoming a question of ‘when' rather than ‘if', attention is moving away from protecting the dissolving concept of a secure perimeter. Instead, there is a growing emphasis on identifying breaches and shutting them down rapidly, and this is an area where UK organisations appear to be better prepared than their European peers."
This demand for preparedness in the UK doesn't seem to be stopping either. Last year, UK tech job site, Technojobs, released data which showed a massive demand for more cyber-security professionals in UK businesses.
There is, however, still more work to be done, says Rik Ferguson, VP of Security Research at Trend Micro: “While UK businesses increasingly recognise the reality, scale and impact of targeted attack, the initial data reveals that much more can and should be done in testing their readiness to deal with them.”
Ferguson added: “A large number of businesses report having training and penetration testing measures in place, but relatively few are conducting cyber-readiness tests, or fire drills. Raising user awareness and probing your systems are both crucial components but they cannot be fully tested unless brought together in a live-fire exercise involving your employees."