Security Challenges for UK Enterprises
A recent Vanson Bourne study examined the way that UK companies’ IT decision-makers are broadening their risk management thinking and seeking to actively manage their policies.
Fast Changing Threats to Enterprise IT
The study shows that, as well as coping with disruptive tablet, mobile device and cloud technologies, organisations’ senior management is constantly re-addressing the human factor in IT security: the potential for unauthorised or accidental loss of intellectual property (IP) assets by disaffected, misguided or poorly-trained employees.
Threats – Inside and Out
The online survey questioned 100 UK enterprise IT decision-makers drawn from an independent panel of executives. Respondents represented larger (3000+ personnel) and smaller (1000-3000) enterprises.
The study found that the security threats that concern most respondents are: employee attitude to security protocol (77%); malware (76%); use of personal cloud storage (70%); malicious non-commercial external attacks (70%); and commercially-driven attacks (60%).
But the true extent of executives’ concern is revealed by the next five threats identified: personally owned devices (59%); cloud software (58%); mobile devices (57%); internal threats (54%) and supply chain threats (31%). The mobilisation of data and its access via cloud and smart devices are shifting the focus of corporate risk management towards employees’ workplace tools and behaviours.
Risk Management Thinking – Protocols and Partners
More than two thirds (69%) of organisations review their security providers; this figure rises to 80% among organisations with more than 3000 employees.
A Proactive Approach to Threats
UK companies struggle with regular or even proactive risk management. Although around one fifth (22%) check both protocols and vendors quarterly, 17% do so only twice a year and around one in ten (9%) manages only an annual review of both.
Many respondents leave security to the vendor: over one third (36%) say they don’t carry out this dual review process at all.
Best Practice – A State of Mind?
Nearly three in four of those enterprises that ring-fence more than 10% of their IT budget for security have formal policies to review both security protocols and security providers. In those enterprises where the security spend is less than 5%, only just over half have these dual checks in place.
Bigger firms are upping their investment by slightly more than smaller ones; their average increase in security expenditure is 31%, compared with 23% in smaller companies.
If anything, the study suggests that companies increasing their IT security spending have heightened sensitivity to security threats, rather than complete confidence that they’re fully protected.
More Money for Security
Enterprises found to have the lower proportion of corporate IT budgets ring-fenced for security are far more blasé about the significance of the security threats that the survey listed.
No Room for Complacency
It is clear that a significant proportion of firms, particularly those with lower IT security spend, are failing to build a risk management culture, including enforcement of security protocols.
In the face of disruptive technologies and mutating internal and external threats, the most risk-aware UK organisations in this study are in no way satisfied with their level of protection. They never regard their vital information assets as completely safe.
AFTERWORD
The full report from Vanson Bourne can be seen here.
Should you be interested in discussing this research please contact us at insight@nebula.co.za
Besides Nebula’s insight and research services, we also provide services to help large enterprises assess, optimise and manage their enterprise ICT environments. We also invite you to contact us at insight@nebula.co.za if you are interested in finding out more about our services.