Only 9% of UK businesses confident in their cyber security plans

Posted on 18 Apr 2018 by Jonny Williamson

Businesses lack confidence in their own plans to manage cyber-attacks, and only 9% of UK businesses are totally confident in their cyber breach mitigation plans, new study has shown.

Businesses lack confidence in own plans to manage cyber-attacks, and only 9% of UK businesses are confident in cyber security plans – image courtesy of Depositphotos.

Despite continuing news of cyber-attacks and data breaches every day, the findings from BAE Systems indicate that businesses are still struggling to establish plans to combat this 21st century threat.

The responses by sector reveal that no companies surveyed from the manufacturing industry are totally confident in their organisation’s cyber breach mitigation plan.

This is followed by:

  • 5% from ‘other’ commercial sectors
  • 7% from retail, distribution and transport
  • 10% from IT
  • 15% from business and professional services
  • 15% from financial services

James Hatch, cyber services director at BAE Systems Applied Intelligence, said: “Many organisations still see dealing with a cyber security breach as a black swan event, something significant and unexpected that in hindsight could have been prevented, and have not yet made their mitigation plans business as usual.

“Effective management of cyber breaches requires businesses to be organised and prepared for the threats that they face, with a clear process in place. Everyone involved should be confident in what they need to do.”

According to the research, almost half (48%) said that technology is their most important tool, with people coming second at 32%. Just 15% named process – but organisations need to deploy a combination of people, process and technology to be cyber resilient.

Hatch commented: “There are two problems. Most organisations struggle to deal with something beyond the experience of their people. Each time existing experience is stretched it can cause an emotional reaction within organisations. They have to prepare for these new experiences and learn how to handle in the future.

“External specialists can help but are most effective when their involvement and arrangements for mobilisation, access and communication are defined in advance. There is absolutely a role for technology and automation, especially in reducing the workload involved in dealing with routine incidents so that security teams have the bandwidth to deal with what really matters.

“The range of incidents that an organisation can face varies hugely from ransomware outbreaks to covert targeted attacks to accidental data breaches. But that doesn’t mean that businesses cannot be prepared for all of these eventualities.

“The key is to differentiate the routine from the unusual and the urgent from the important and prepare for each with the right combination of technology and automation, people and skills, policy and process. Once this is done, cyber breaches become more manageable and less emotional.”

Get insights like this delivered straight to your inbox

5 Digital Briefings | 5 Front-of-Mind Topics | 5 Days a Week

  • Monday: Manufacturing Innovation
  • Tuesday: Manufacturing Leadership
  • Wednesday: Digital Transformation
  • Thursday: Industrial Automation
  • Friday: Industrial Internet

Sign up for free here.