Cyber security issues will be the number one priority for many British businesses in the next 12 months, but few firms will be adequately prepared for the challenges this will pose.
This is according to new research by NTT Security, which found over half of UK firms (54 per cent) ranked cyber attacks as one of the top three issues that could affect their organisation in the year ahead. This meant cyber threats were second only to ‘economic or financial crisis’ (56 per cent) as a top concern for firms at the present time.
What’s more, nine out of ten companies say improving their cyber security will be important to their business over the next 12 months, ahead of priorities such as growing revenue and profit, which was cited by only 78 per cent of respondents.
However, while there is widespread awareness of the risks posed by cyber criminals, many firms still do not have the processes or technology in place to effectively protect their organisation from such threats, and in some cases have actually gone backwards.
For instance, NTT’s survey found security budgets are not keeping up with the increased risks firms face. Overall, the percentage of operations budgets spent on security has fallen by around one per cent since 2018, to 16.5 per cent this year.
The UK does better than many other countries when it comes to having a formal security policy in place, with 70 per cent of British firms having such plans, compared with 58 per cent globally. However, the 2018 figure for the UK was 77 per cent, which may suggest firms have become complacent or are neglecting this area.
Meanwhile, just 60 per cent of UK organisations have an incident response plan in place in the event of a security breach, a three per cent drop from last year.
The result of this means it is taking significantly longer for UK businesses to recover from cyber incidents. Last year, NTT found the typical British firm would take 47 days to deal with an incident, but this has now risen to 93 days – one of the longest timespans in the world.
Azeem Aleem, vice-president of consulting at NTT Security, said: “What’s concerning is that organisations seem to have come to a standstill in their journey to cybersecurity best practice – and it’s particularly worrying to see UK businesses falling behind in some critical areas like incident response planning.”