Most businesses fail cyber security readiness test


A study of organisations across five countries has revealed major shortcomings in cyber security readiness at nearly three-quarters of firms.

The survey questioned a representative sample of private and public sector organisations in the UK, US, Germany, Spain and the Netherlands.

It assessed each organisation according to its cyber security strategy and the quality of its execution – and ranked them accordingly. Only 11 per cent scored highly enough in both areas to qualify as cyber security ‘experts’. One in six firms achieved expert status in either strategy or execution, but not both.

Just 7 per cent of smaller organisations (250 or fewer employees) make the grade as experts.

Smaller firms lack resources, directing on average 9.8 per cent of their IT budget to cyber security compared with 12.2 per cent for larger organisations.

Nearly three out of five respondents plan to increase their cyber security budgets in the year ahead. New technology tops the shopping list despite this being the area where the bulk of firms appear best prepared. The experts lead the way: for example, more than half plan to increase spending on awareness training compared with only 29 per cent of organisations that failed the cyber readiness test.

Cyber security protection is key for businesses of all sizes, with many opting to use penetration testing companies to identify weak points and vulnerabilities that could be exploited by malicious individuals.

Almost half of the organisations surveyed report at least one cyber attack in the past year. Two-thirds of those targeted suffered two or more attacks. Financial services, energy, telecoms and government entities were the prime targets.

Steve Langan, Chief Executive of Hiscox Insurance Company, commented: “This report shines a light not only on the financial consequences of cyber incidents but also on the enormous investment being made to counter the threat. Importantly, it offers a picture of what best practice looks like. Often the answer is not ‘more technology’ but proactive thinking, more rigorous processes and better trained staff. We hope it will serve as a roadmap for all those organisations that still have some way to go.”