Business leaders talk the talk when it comes to cyber security, but according to the 2016 PGI/Harvey Nash cyber security survey, a significant number aren’t backing it up when it comes to investment.
The survey, which posed a range of questions to senior information security professionals, showed that 76% of respondents are confident that their organisation has a robust risk assessment in place, up from the 75% recorded in the 2015 survey. This contrasts sharply with other data in the survey, which suggests that 49% of organisations do not have an information security aware culture in place.
The survey also reveals that the majority of security professionals are confident that they know which assets need the most protection within their organisation. This confidence could be one reason why many CEOs and boards do not see the need to invest in cultivating a business-wide, security-minded culture.
Another sign that complacency could be setting in is that a surprisingly low number of organisations have secured cyber insurance. Nearly half of senior information security professionals (46%) said that they do not expect to purchase cyber insurance in the next 12 months.
Only 19% of senior information security professionals at small firms (£50M or less revenue) currently have cyber insurance. This increases to 29% at mid-sized firms (£50M-£500M revenue), while at larger firms (£500M+ revenue) the proportion falls again, to 24%.
These figures are important because new regulations and legislation being imposed by governments and other bodies will make businesses pay out substantial sums to customers affected by cyber breaches. Planned EU regulations state that any major service provider or operator of essential services must notify the authorities if it suffers a cyber-attack that results in the loss of data. The directive also aims to put pressure on companies and organisations to make their cyber security robust enough to resist a cyber-attack. Failure to do so could result in hefty fines.
Without insurance, the costs resulting from a breach are likely to be high. For SMEs in particular, the effects could be financially devastating.
If you need advice on how to improve your business’s cyber security, contact the experts at PGI.
PGI will be able to support in a number of ways: