A survey conducted by training company QA reveals that eight out of ten (81 per cent) UK IT decision makers experienced some sort of data or cyber security breach in their organisation in 2015.
More than half said that the breach had led to a loss of data, while nearly half (45 per cent) reported that it had caused a loss of revenue and resulted in a PR nightmare for the business. Despite this, less than a third (27 per cent) plan to invest in cyber security technologies next year.
Richard Beck, Head of Cyber Security at QA, said: “One way that organisations can try and limit the impact of a skills shortage in the IT department is to increase staff awareness of cyber threats. With a fifth of those surveyed acknowledging that the biggest threat to security next year is likely to be human error, educating staff on how to detect and deter common threats like social engineering or phishing attacks could prove invaluable in helping defend an organisation.
“The research shows that currently only 31 per cent of organisations plan to invest in employee awareness and engagement training. However, all companies should be teaching employees a ‘Cyber Security Code’ until it becomes instinctive. CESG, The National Technical Authority for Information Assurance, has a paper entitled ‘10 steps to cyber security’ which is a really good place to start for this.”
Not all organisations have learnt from their experience, with less than half (43 per cent) of IT decision makers saying that the breach had not resulted in a change of policy and procedure. Perhaps it’s not surprising that 40 per cent said they didn’t feel confident they had the right balance of cyber security skills in their organisation to protect it from threats in 2016.
The biggest threat to corporate security in 2016 is organised/automated cyber attack (54 per cent); human error is the second largest concern (19 per cent) for IT decision makers, with ‘compromise through employees’ and ‘employee negligence’ both featuring in the top five threats.