Business leaders talk the talk when it comes to cyber security, but according to the 2016 PGI/Harvey Nash cyber security survey a significant number aren’t backing it up when it comes to investment.
The survey which posed a range of questions to senior information security professionals showed that 76% of respondents are confident that their organisation has a robust risk assessment in place. This figure is up from the 75% recorded in the 2015 survey. This figure contrasts sharply with other data in the survey which suggests that 49% of organisations do not have an information security aware culture in place.
The survey also reveals that the majority of security professionals are confident that they know which assets need the most protection within their organisation. This confidence could be a reason as to why many CEOs and boards do not see the need to invest in the cultivation of a business wide security minded culture.
Another sign that complacency could be taking place is that a surprisingly low number of organisations have secured cyber insurance. Nearly half of senior information security professionals (46%) said that they do not expect to purchase cyber insurance in the next 12 months.
Only 19% of senior information security professionals at small firms (£50M or less revenue) currently have cyber insurance, this increases to 29% at mid-sized firms (£50M-£500M revenue), and at larger firms (£500M+ revenues) the proportion falls again, to 24%.
These figures are important as new regulations and legislation being imposed by governments and other bodies will make businesses pay out substantial sums to customers affected by cyber breaches. Planned EU regulations state that any major service provider or operator of essential services must notify the authorities in case they suffer a cyber-attack that results in the loss of data. The directive also aims to put pressure on companies and organisations to make their cyber security robust enough to resist a cyber-attack. Failure to do so could result in hefty fines.
Without insurance the costs resulting from a breach are likely to be high. For SMEs in particular the affects could be financially devastating.
If you need advice on how to improve your business’s cyber security contact the experts at PGI.
PGI will be able to support in a number of ways:
Your free Global Geopolitical Dashboard
PGI’s Risk Portal tool provides daily intelligence feeds, country threat assessments and analytical insights, enabling clients to track, understand and navigate geopolitical threats.
The Risk Portal gives users up-to-date information and analysis on global affairs.
The Risk Portal allows users to visualise information in a unique and instantly understandable way. Mapping filters enable the visualisation of incidents by threat category, time period, perpetrator and target type.
Risk Portal users can upgrade their accounts to include the Report Builder and Country Profile Generator features. The Report Builder allows users to select information, data and images from the Risk Portal and create bespoke reports and emails.
Subscribers to PGI’s Bespoke services receive tailored analysis on specific sectors and geographies of interest, delivered at a frequency they determine.
Subscribe to our Cyber Bytes Newsletter
Keep yourself in the loop with PGI by signing up to our Weekly Cyber Bytes email. You will receive updates, tips and narrative around what has been happening in the world of information security.