86% of respondents think they are doing enough to mitigate the impact of cyber security attacks, yet over 50% have knowingly suffered a data breach
27% of SMEs reported feeling secure from digital threats due to being ‘too small’ to be of interest to cyber attackers
Over 80% of founders, C-level executives, board members and directors believe they are doing enough to mitigate the impact of cyber attacks
Today, Juniper Research has released a report into the business attitudes towards and experiences of cyber security and cyber attacks in SMEs and enterprises. The research revealed that three quarters of companies feel they are currently secure, even though half of those businesses also reported having previously experienced a cyber attack.
Increasingly, businesses are moving critical infrastructure online, making them more vulnerable to digital threats. Yet, the study found that despite increased concern and spend on cyber security over the last year, there is a high degree of complacency, with few common practices in response to this threat. Overall, 86% of respondents believe they are doing enough to mitigate the impact of cyber attacks. Most respondents still think it’s enough to have the IT or security department involved in mitigating the effect of cyber attacks, with 33% considering the IT department solely responsible for handling security threats. In addition, almost two thirds of respondents stated that cyber security is not their department’s responsibility. And while over three quarters of businesses have a board that is involved in assessing cyber security preparedness, only one quarter have a dedicated security executive.
While 87% of businesses reported having some form of continuity plan in place, fewer than half of businesses have secure practice guidelines to ensure employees know how to keep the business safe. In fact, Juniper’s report found that one of the biggest problems when it comes to cyber security in British businesses is not that there are no measures in place, but that they are inconsistently applied, and not reinforced. Nearly 90% of respondents reported having a plan in place for when a data breach occurs, but only 56% of respondents believe they are secure when it comes to digital threats, and 52% of businesses still do not have any secure practice guidelines. Actions that businesses are taking to mitigate the impact of a cyber attack include:
48% have secure practice guidelines
47% give secure practice induction briefings
25% have a dedicated security executive
27% conduct penetration tests to assess the likelihood of an attack
31% monitor emails for phishing attempts
While 69% of respondents would contact someone immediately in the event they discovered a cyber breach, 18% would wait until the next working day if they did not consider it a big problem, including 38% of founders and 27% of all board-level respondents.
Windsor Holden, Head of Forecasting & Consultancy at Juniper Research, comments: “Cyber security is a big concern for businesses of all sizes, as an attack could cost millions of pounds in lost data, reputation, time and customers. Yet, our study shows that businesses believe they are far more secure than they really are. While no business can be completely safe nowadays, there are steps that companies can take to ensure they are as safe as possible, and can recover as quickly as possible in the event of a cyber attack.”
The research frames some high profile cyber attacks in recent years, such as Target, Ashley Madison, TalkTalk and T-Mobile. Businesses are now looking at their approaches to cyber security and data protection and shoring up their defences in response.
Kristine Olson-Chapman, General Manager at TalkTalk Business added: “For us cyber security is no longer just a technology issue, it’s a business issue for the whole company. Any business that has ever had a cyber attack will tell you that they never expected it, even with all the processes in place. Businesses need to ask themselves what they need to do now to plan and prepare.”
The research was conducted by Vanson Bourne which surveyed 200 British businesses. A full copy of the Juniper Research report can be downloaded from here.
Notes to editors
50% of respondents reported that they had been the victim of a cyber attack
Of these attacks, 29% resulted in a data breach. Two-thirds of reported attacks happened within the past year
Almost three quarters (74%) of companies feel that they are currently secure when it comes to digital threats. 27% of SMEs believe they are secure from cyber attacks because they are too small
33% of respondents consider the IT department solely responsible for handling security threats, and almost two-thirds believe that it is not their department’s responsibility
63% of respondents claimed that cyber security was not their department’s responsibility
Less than 7% of respondents would notify the CEO directly on discovery of a cyber attack
Attacks on businesses have been increasing exponentially for the last 4 years, with over a third of reported attacks happening in the past 6 months
Over three-quarters of businesses have a board that is involved in assessing cyber security preparedness, but only a quarter have a dedicated security executive
Fewer than half of businesses have secure practice guidelines or similar methods of ensuring staff follow secure practices
Over 80% of founders, C-level executives, board members & directors believe they are doing enough to mitigate the impact of cyber attacks, but less than 60% think they have the right policies in place to be secure
020 7291 0235