Half of businesses don't have skills to deal with threats
As cyber security threats continue to rise, organisations are concerned about their abilities to keep pace.
A new report from business continuity and disaster recovery provider Databarracks reveals only 56 per cent of UK firms believe they have sufficient cyber security skills in-house to deal with threats against their business.
The findings were taken from Databarracks’ annual Data Health Check survey. Now in its 10th year, the survey questions over 400 IT decision makers in the UK on a series of critical issues relating to their IT, security and business continuity practices.
Focusing specifically on cyber security, key findings include the fact that in 2016, 59 per cent of respondents said they had invested in safeguards to help fight against cyber threats in the last 12 months. In 2018, this figure is now 67 per cent.
The types of safeguards organisations have invested in to protect against cyber threats have changed dramatically in recent years.
In 2016, only 12 per cent of organisations confirmed they had updated their cyber security policy in the past 12 months, rising to 26 per cent in 2018.
Similarly, cyber threat monitoring software is now used in 28 per cent of businesses compared to only 13 per cent of businesses in 2016.
The employment of a chief security information officer jumped from one per cent in 2016 to 14 per cent in 2018.
"Investment in cyber security safeguards should translate to improved confidence but the findings show it is yet to make a significant difference," said Databarracks managing director Peter Groucutt.
"We are in the midst of a rapidly accelerating arms race. Organisations are desperately trying to match criminals by working hard to improve knowledge, training and investment in security defences, but are clearly concerned about keeping pace.
"Importantly, organisations shouldn't become disheartened. While confidence levels are not where we hoped, businesses are making positive strides and acting on the front-foot to fight back, which makes us optimistic for the future.”
Critically, it's not just about hiring a CISO, introducing a new cyber security policy or investing in new threat monitoring software says Groucutt – it’s about all of these activities and a fundamental culture change for most organisations.
"Cyber threats are evolving at such a pace organisations cannot stand still," he said.
"In previous years, organisations have failed to match these threats with action and investment. Today, businesses are fighting back and shoring up defences, as our data shows."
The research further revealed 69 per cent of organisations had reviewed their cyber security policies within the last 12 months.
In 2015, only 54 per cent had reviewed their policies. Budgets are also increasing. 36 per cent of organisations had seen their IT security budget increase in the last 12 months, compared to 24 per cent in 2016.
"Over time, as organisations see this increased proactivity and investment lead to better security, we’re hopeful confidence will also improve," concluded Groucutt.