PwC: UK businesses still fail to take on cyber security

19 November 2015 Consultancy.uk

Information security remains a key challenge for businesses around the world, as adversaries become more and more sophisticated. The cost to reputation and the bottom line can be considerable, with an average incident costing £1.7 million. In response, more and more organisations now have a cyber security risk framework – with many also turning to cloud-based, analytics based and collaboration based protections, research by PwC shows. Board level participation in cyber security planning is also up, as more and more organisations realise the considerable costs that come from a lack of vigilance.

Threats to information technology systems continue to escalate across the globe, particularly in terms of frequency, severity and impact, as more and more devices come online. Even while the number of threatened systems increases, and the level of sophistication of adversaries improves as they hone their understanding of systems and people, the defenders too are improving their capacities. Detection methods and innovation to bolster front line cyber security systems are on the rise globally, with executives seeking ways in which to mitigate risks to their businesses.

Executive location

PwC recently released the ‘Turnaround and transformation in cyber security’ summary of its yearly ‘The Global State of Information Security Survey 2016’. The report considers changes to the cyber security landscape, as well as which new innovations and frameworks executives are looking towards to improve security and mitigate enterprise risk. The survey involved responses from more than 10,000 executives including CEOs, CFOs, CISOs, CIOs, CSOs, Vice-Presidents, and Directors of IT and information security. The survey spanned the world, 37% of respondents came from North America, 30% from Europe, 16% from Asia Pacific, 14% from South American and 3% from the Middle East and Africa.

Aggressive cyber attacks
The report finds that the sophistication and boldness of cyber-adversaries is on the increase around the globe. The UK in particular has a large number of organisations that lack oversight into their own systems. One in ten (10%) UK companies does not know how many cyber security attacks they have had this year and 14% do not know how they happened. The biggest cause for concern remains current employees accounting for 34% of incidents, former employees for 29% and current service providers / consultants  / contractors for 22%.

Benefits of cyber security framework

Many organisations simply lack the skills and tools required to combat infiltrators. Things are improving however, and, since last year, the number of detected security incidents is up 38%. The increased detection is in part because 91% of organisations have now adopted a cyber security framework based on risk. This framework allows them to better identify channels through which adversaries act and thereby detect their activity. According to 49% of respondents, their cyber security framework is better able to identify & prioritise security risk, while 47% responded that a framework allows them to quickly detect & mitigate security incidents.

Data-driven cyber security
One development has been a more towards cloud based and data driven cyber security. Cloud based security offers a means to enable improved intelligence gathering, threat modelling, defence against attacks and incident response. The benefits of the technology have seen considerable investment in private cloud in recent years, and 69% of respondents say that they use the technology as part of their wider strategy.

Benefits of data-driven cyber security

Big-data, while providing a means to understand action, is often a considerable liability, as personally identifiable information is often present in large databases. The report highlights however, that big data analytics – used to traverse the data – also provides a means to improve cyber security. 59% of respondents say that they using data-powered analytics to enhance security by shifting security away from perimeter-based defences and helping organisations to put real-time information to use in ways that create real value.

There are a number of benefits to a data-driven cyber security approach according to respondents. Two in thee (61%) say that it provides a better understanding of external threats, 49% say that it improves an understanding of internal threats, while 39% feel that it improves an organisations ability to quickly identify and respond to security incidents.

Benefits of external collaboration

External collaboration
One further form in which organisations are seeking to limit their exposure is through collaboration with others to improve security, something 65% of organisations are engaged in. According to the respondents, benefits include improved defence through shared and received information from industry peers (56%), shared and received information from ISACs (46%), and improved threat intelligence and awareness (42%).

Board participation in information security

Board participation
The participation at board level in cyber security matters has been steadily increasing in recent years, with incidents often leaving behind a broad swath of operational, reputational and financial damages, damages boards are seeking to proactively mitigate. Boards are now considerably more engaged in providing a cyber security budget, up from 40% to 46%, developing overall security strategies, up from 42% to 45%. As well as driving security policies and security technologies, at 41% and 37% respectively.

Commenting on the results, Richard Horne, PwC Cyber Security Partner, says: “In our digitally-interconnected world, businesses cannot stand still. They need to prepare and continually test their defences – and respond to breaches – in the face of incredibly sophisticated attacks. This requires commitment and leadership from the very top of an organisation to prevent breaches, but also to detect and respond to them rapidly and in the right way when they happen.”

According to a recent study by EY, if organisations want to come through the cyber war unscathed, it is key they build an active cyber-defense stance, as opposed to the traditional reactive strategy.

More on: PwC
United Kingdom
Company profile
PwC
PwC is not a United Kingdom partner of Consultancy.org
Partnership information »
Partnership information

Consultancy.org works with three partnership levels: Local, Regional and Global.

PwC is a Local partner of Consultancy.org in Middle East, Netherlands.

Upgrade or more information? Get in touch with our team for details.

Send
PwC CEO Kevin Burrowes reflects on global CEO expectations for 2025
Australia
PwC CEO Kevin Burrowes reflects on global CEO expectations for 2025 PwC’s Australia boss Kevin Burrowes has commented on the findings of the firm’s latest annual global CEO survey, noting the benefits of longer leadership tenures in driving business reinvention.
10 February 2025
PwC and Microsoft extend AI Copilot collaboration
United Kingdom
PwC and Microsoft extend AI Copilot collaboration Microsoft has announced a strategic collaboration with PwC. The deal will allow the Big Four firm to bring the latest Copilot Agents to its clients.
04 February 2025
CEOs in Jordan cautiously optimistic amid geopolitics and other challenges
Jordan
CEOs in Jordan cautiously optimistic amid geopolitics and other challenges Despite facing some significant geopolitical challenges, CEOs in Jordan remain cautiously optimistic about growth prospects.
03 February 2025
EY and PwC set to miss 2025 partner targets for women
United Kingdom
EY and PwC set to miss 2025 partner targets for women The UK wings of EY and PwC are reportedly off track when it comes to meeting their targets for the proportion of women in their respective partnerships.
30 January 2025
PwC appoints three new partners in Australia
Australia
PwC appoints three new partners in Australia Professional services firm PwC has added three new partners in Australia, including recruits Nick P’ng and Kerryl Bradshaw in Melbourne and Perth, and Brisbane-based promotee Robert Kopel.
28 January 2025
Middle East CEOs most confident globally about company growth in 2025
Middle East
Middle East CEOs most confident globally about company growth in 2025 CEOs in the Middle East are among the most confident globally about revenue growth in the year ahead. That is according to the 2025 edition of PwC’s annual CEO Survey.
27 January 2025
Saudi Arabia’s economic potential in the gaming and esports market
Saudi Arabia
Saudi Arabia’s economic potential in the gaming and esports market Through strategic investments, fostering talent and integrating gaming into the fabric of society, Saudi Arabia is solidifying its position as a leader in the thriving gaming and esports market, writes Faisal AlSarraj, KSA Deputy Country Leader at PwC.
22 January 2025
Saudi’s thriving esports scene set for SAR 50 billion contribution to GDP
Saudi Arabia
Saudi’s thriving esports scene set for SAR 50 billion contribution to GDP Saudi Arabia could enrich its national GDP by SAR 50 billion in the coming decade, if the nation continues to nurture its burgeoning esports market.
20 January 2025

Cyber Security news

Cyber Security consulting firms Cyber Security consulting services

ICT news

ICT consulting firms ICT consulting services

IT Strategy news

IT Strategy consulting firms IT Strategy consulting services

Risk & Compliance news

Risk & Compliance consulting firms Risk & Compliance consulting services