While more companies are moving their IT infrastructure online, the transition could make them more vulnerable to security threats. Yet, the study found that despite increased concern and spending on cyber security over the last year, there is a high degree of complacency.
Overall, 86 percent of respondents believe they are doing enough to mitigate the impact of cyber attacks. Most respondents still think it’s enough to have the IT or security department involved in mitigating the effect of cyber attacks, with 33 percent considering the IT department solely responsible for security threats.
Inconsistent Security Plans are Common
Moreover, almost two thirds of respondents stated that cyber security is not their department's responsibility. And while over three quarters of businesses have a board that is involved in assessing cyber security preparedness, only one quarter have a dedicated security executive.
While 87 percent of businesses reported having some form of continuity plan in place, fewer than half of businesses have secure practice guidelines to ensure employees know how to keep the business safe. In fact, Juniper found that one of the biggest problems in British businesses is not that there are no measures in place, but that they are inconsistently applied, and not reinforced.
Nearly 90 percent of respondents reported having a plan in place for when a data breach occurs, but only 56 percent of respondents believe they are secure when it comes to digital threats, and 52 percent of businesses still do not have any secure practice guidelines.
Actions that businesses are taking to mitigate the impact of a cyber attack include:
- 48 percent have secure practice guidelines
- 47 percent give secure practice induction briefings
- 25 percent have a dedicated security executive
- 27 percent conduct penetration tests to assess attacks
- 31 percent monitor emails for phishing attempts
Ongoing Significant Commercial Liability
While 69 percent of respondents would contact someone immediately in the event they discovered a cyber breach, 18 percent would wait until the next working day if they did not consider it a big problem, including 38 percent of founders and 27 percent of all board-level respondents.
"Cyber security is a big concern for businesses of all sizes, as an attack could cost millions of pounds in lost data, reputation, time and customers. Yet, our study shows that businesses believe they are far more secure than they really are," said Windsor Holden, head of forecasting & consultancy at Juniper Research.
While no business can be completely safe today, there are steps that companies can take to ensure they are as safe as possible -- and can recover as quickly as possible in the event of a cyber attack.