More than a third (36 per cent) of UK cyber security professionals said that their business was hit by an IT security incident in 2015, according to a report by recruitment firm Harvey Nash.
In a survey of nearly 200 IT security professionals in the UK, Harvey Nash found that most senior information security professionals (73 per cent) reported phishing or social engineering as the form of attack they experienced, while 53 per cent reported a virus or malware outbreak. Almost a quarter (24 per cent) of information security professionals said that their firms had experienced a denial-of-service or distributed denial-of-service (DDoS) attack.
According to Harvey Nash, in more than half (56 per cent) of these security incidents, there was a loss of revenue or profit, and in more than a third (35 per cent) a loss of customer confidence inflicted “less tangible but equally serious damage”.
In the same report, Harvey Nash reveals that 73 per cent of senior information security professionals rate a lack of a security-aware culture as most critical to information security success.
“It appears that more lip service is being employed than actual experts on the ground who can deliver information security cultural change,” said Stephanie Crates, head of London information security practice at Harvey Nash.
However, this doesn’t mean that organisations aren’t trying to get up to speed; 89 per cent of senior information security professionals say their organisation is committed to developing and maintaining an information security-aware culture. Incidentally, seven per cent said that their organisation was not committed to doing this, while four per cent said they didn’t know.
The report also found that 45 per cent of cyber security professionals believed that their board of directors has a major gap in its understanding of cyber risk, or doesn’t understand the risk at all. Many IT security pros felt the same way about CEOs, CFOs, CMOs and COOs.