The UK is at the 'bottom of the pile' when it comes to security maturity, according to new findings from Cisco.
In its 2017 Annual Cybersecurity Report the firm quizzed 3000 chief security officers (CSOs) and security operations leaders from 13 countries, highlighting the difficulties that security leaders face as they attempt to match gains in the depth of their security infrastructure with the evolution of cybercrime, shifting breach modes and the increasing attack surface. Worryingly, Cisco ranked the UK lowest in terms of countries that are successfully finding this balance, given the strength of its digital infrastructure, with just 28% of companies judged to have ‘high’ security maturity.
CSOs polled in the report cited budget constraints, poor compatibility of systems and a lack of trained talent as the biggest barriers to advancing their security postures. What’s more, leaders also admitted that their security departments are increasingly complex environments with 65% of organizations using from six to more than 50 security products, increasing the potential for security effectiveness gaps.
These findings are particularly concerning when you take into consideration the business costs of suffering a cyber-incident; more than 50% of organizations said they faced public scrutiny after a breach, with 22% of companies losing customers, 29% losing revenue and 23% losing business opportunities as a result.
“This report offers ultimate proof that cybersecurity is a business concern, not an IT issue,” argued Duncan Tait, CEO Fujitsu EMEIA and Americas. “Breaches hit the bottom line and that should make security a C-suite topic.
“Moreover, despite the UK having a digitally diverse economy, the country has the lowest level of security maturity. This is a critical threat to businesses’ futures and I speak as a CEO when I say that, when it comes to prioritizing cybersecurity and putting in place the processes and plans to manage it, responsibility lies with the board. Businesses absolutely must shore up their cyber-defenses or risk becoming the latest high profile disaster.”
There were sentiments echoed by Darren Anstee, chief security technologist at Arbor Networks, who added that the goal of security is to reduce business risk, and that is where value can be demonstrated.
“To do this organizations need to implement metrics that allow them to quantify whether investments have a positive or negative effect on overall risk. Getting this part right can make it easier to get investment, and can help business to move the security of their organisations in the right direction.”