Half of IT decision makers want dedicated cyber-security budgets
Half of IT decision maker in large multinationals think that they should have a dedicated budget to tackle cyber-crime, rather than being financed via a central IT budget.
That’s one of the findings from a new report, titled Taking The Offensive – Working Together to Disrupt Digital Crime, from KPMG and BT.
The research found that nearly every big business in the UK had experienced some kind of cyber-attack. 97% said they had fallen victim to an attempted or successful cyber-attack and around half reported seeing an increase in attacks over the past two years.
Only around a fifth of IT decision makers felt their company was fully prepared to meet the challenges thrown up by increasingly sophisticated and determined cyber-criminals.
Those working in IT and dealing with the sharp end of the threat said they feel constrained by a number of factors, including regulation, availability of resources and a dependence on third parties in dealing with threats and responding to attacks.
Currently, 60% of IT decision makers report that cyber-security is funded from a central IT budget within their organisation. 50% said it would help to combat the threat if they had a dedicated cyber-security budget. More than a quarter (26%) had already appointed a dedicated chief digital risk officer (CDRO).
The report also highlighted the fact that cyber-criminals were becoming increasingly well-prepared and effective. It stated that criminal organisations have their own funding and can access major resources for research and development to help them in the arms race against cyber-security professionals.
It’s crucial that companies of all shapes and sizes are able to mount effective defences against these criminals. According to the Government’s Cyber Security Breaches Survey 2016, the average cost to business from a single cyber breach stood at £36,500 while the most costly identified was around £3 million. These costs could be enough to push some firms, especially those that operate on tight margins and with small budgets, towards insolvency.
The Taking the Offensive report also suggested that internal factors can increase external threats. 94% of IT decision makers said they were aware that criminals were blackmailing or bribing employees to gain access to organisations, but only 53% said they had a strategy in place to prevent it.
By Phil Smith