Businesses need to do more to combat cyber security threats as smart-phones, tablets and the increased use of cloud computing have elevated security risks, according to a new study.
The ‘Global State of Information Security Survey 2014, a worldwide survey by CIO, CSO and PwC’ interviewed 9,600 executive from 115 countries on the challenges of protecting their business and assets from cyber-attacks.
It found there was a 25 per cent global increase in cyber security incidents in the past 12 months. This figures was much higher for the UK, where the number of security incidents rocketed by 69 per cent.
The average security budget was found to be $4.3 billion, which was a rise of 51 per cent compared to 2012. However, the average losses as a result of security incidents were up 18 per cent and big losses increased faster than smaller losses, with the number of respondents reporting losses of over $10 million up 51 per cent from 2011.
The survey found around one in three (35 per cent) security incidents left employee data compromised and 31 per cent saw customer records compromised or unavailable. Some 29 per cent resulted in a loss or damage of internal records and 23 per cent resulted in identity theft, with client or employee data stolen.
According to the report, the implementation of mobile security lags behind the increasing use of mobile devices as the rise in ‘bring your own device’ and cloud computing elevates risks. For example, while 47 per cent of respondents use cloud computing only 18 per cent included provisions for the cloud in their overall security policy.
Overall, 28 per cent of respondents admitted to a lack of collaboration across their information security systems, which can hinder performance and slow down any adaption to market change.
Grant Waterfall, cyber security partner at PwC, said: “As cyber threats evolve, it is critical that organisations rethink their security strategy so that it is integrated with business needs and strategies and is prioritised by top executives. Collaboration with others to improve security has become a key way to gain knowledge of dynamic threats and vulnerabilities.”
“You can’t fight today’s threats with yesterday’s strategies,” added Gary Loveland, a principal in PwC’s security practice. “What’s needed is a new model of information security, one that is driven by knowledge of threats, assets, and the motives and targets of potential adversaries.”
