A new survey conducted by Vanson Bourne on behalf of GFI Software and Infinigate UK has revealed 58% of UK companies have suffered a data breach in the past two years, yet even with the high risk of a costly breach being experienced, only 9% of IT budgets are being directed to IT security.
The survey was conducted on UK-based companies that employed between 200 and 1,000 employees across a range of industry sectors. The aim of the survey was to discover the extent to which businesses were suffering data breaches, the main areas of concerns for businesses, the key priorities for improving IT security and where budgets were being directed.
Data breaches can easily result from employee negligence, malicious internal actors may sabotage systems and delete or steal data, and the number of external attacks has been increasing steadily. The survey revealed that external threat actors were the main cause of breaches and were responsible for 48% of incidents. Alarmingly 37% of data breaches were deliberate malicious acts by insiders. 9% of data breaches were the result of the loss or theft of devices containing data with 5% of breaches attributed to employee error.
81% of respondents to the survey said that one of their main priorities was the prevention of data breaches, yet IT security teams are having to secure their systems and prevent breaches with their hands tied. On average, only 9% of IT budgets were being directed to IT security which is not nearly enough. The increase in attacks, broader attack surface, and the increasing sophistication of cyberattacks means budgets need to increase to ensure organizations are properly protected.
When asked about the main challenges that needed to be overcome, the main problem was a lack of management buy-in – cited as a problem by 54% of respondents. Next was a lack of internal resources and skills (48%) with budget limitations only cited as a problem by 43% of respondents. Interestingly, given the plethora of cybersecurity solutions on the market, 29% said a lack of suitable solutions to address risk was the problem. Dealing with insider threats was a major issue for 41% of respondents, the competitive landscape moving too quickly was an issue for 35% of respondents, with a lack of real-time insight and issue for 23%.
The highest priorities for IT security were preventing data breaches and increasing cloud security – both were rated as a high priority by 81% of respondents. Improving mobile security was a high priority for 76% of respondents, which is perhaps unsurprising given that 61% of organizations have a BYOD policy that allows employees to use their personal devices to access internal resources.
Detecting insider threats was a high priority for 74% of respondents, 71% needed improved authentication and identity, 60% were trying to tackle cybercrime, 32% needed auditing capabilities, while 25% said compliance and regulation was a key priority.