UK businesses ‘overconfident on cyber security’

UK businesses ‘overconfident on cyber security’ [Image: HYWARDS via iStock]

UK businesses are overestimating their cyber security defences, a new survey has revealed.

Conducted by Ovum for FICO, the research found that 75 per cent of UK firms surveyed said they are better prepared for data breaches than their competitors, an increase from 60 per cent last year.

Meanwhile, 43 per cent said their firm was a top performer. However, the report authors have called this “overconfidence”, pointing out that just 36 per cent of organisations are carrying out more than a point-in-time assessment of what their cyber security risk is.

Financial services firms were found to be the most confident among British industry, with 55 per cent reporting that their organisation was a top performer, and 41 per cent claiming theirs was above average.

Telecommunications providers were second on the list, with 42 per cent calling their firm a top performer. The least confident – or “most realistic” – respondents were those in retail and ecommerce, where 38 per cent said their firm is a top performer, and just 19 per cent said they were above average.

Steve Hadaway, FICO general manager for Europe, the Middle East and Africa, said: “The grave risk posed to our privacy and security demands that firms take an honest view of their protection.

“These numbers suggest that many firms just don’t understand how they compare to their competitors, and that could lead to a lack of investment. When we review firms’ cyber security risk with our FICO Enterprise Security Score, I can tell you that most firms are not above average.”

Maxine Holt, Ovum research director, added that IT leaders have more funding than ever before to protect their companies from “the continuously evolving threat landscape and meet complex compliance demands”.

However, these IT leaders are keen to believe that the money they spend provides their organisations with better cyber security than others, but that the rapid pace of investment, which is often in point solutions, rarely takes an organisation-wide view of security.