25 February 2014 baesystems.com
90% of British businesses surveyed expect the number of cyber attacks to increase. Majority of major companies surveyed are increasing cyber security spend after recent attacks. 67% of UK respondents said organised groups of fraudsters now presented greatest cyber threat
New research released by BAE Systems Applied Intelligence today reveals that the majority of UK businesses (57%) now regard the threat from cyber attacks as one of their top three business risks. The research mirrors the recent warning from the World Economic Forum, which included cyber attacks in its 5 biggest threats facing the world in 2014.(1) In the most recent research, conducted earlier this month, the majority of international respondents (58%) said that recent high profile cyber attacks on international businesses, including banks and retailers such as Target, have led to their organisation increasing its budget for cyber security.
The latest research comes as BAE Systems Applied Intelligence releases a new report, “Business and the Cyber Threat: The Rise of Digital Criminality”, based on a broader international survey (2) which details business concerns and opinion around the cyber threat. It comes in the wake of a series of high profile attacks, where criminals have used highly sophisticated cyber techniques to conduct financial crime on a massive scale. It was immediately striking that organised fraudsters capable of carrying out increasingly sophisticated attacks are viewed by 67% of respondents in the UK (and 55% overall) as being the chief threat. This suggests that predictions that cyber-enabled fraud will become the new frontline in the war against digital criminality are rapidly becoming a reality.
Faced with these challenges it was alarming to note that a significant proportion of respondents internationally (30%) have concerns about their Board’s grasp of the risk posed by targeted cyber attacks. In the UK, however, confidence in Boards’ grasp of the issue was much greater – with 65% of UK respondents believing their Board fully appreciates the business risk presented by cyber attack.
Interestingly, the research showed that businesses’ awareness of the scale and size of the cyber threat appears to be growing, and the majority of respondents are confident that their organisations are well equipped to prevent targeted attacks, with 70% of UK companies possessing crisis plans in the event of a cyber attack. However, the research also found that a large majority of businesses (90% in the UK and 84% overall) expect the number of cyber attacks to increase over the next two years.
Martin Sutherland, Managing Director, BAE Systems Applied Intelligence, said:
“What this research clearly demonstrates is that whilst businesses are increasingly aware of the threat presented by digital criminality, the ever-evolving threat landscape means that there is a real need for continued agility in dealing with these threats. Digital crime as a whole - a dangerous combination of organised groups of criminals using cyber techniques to carry out financial crime on an industrialised scale - is a major concern, particularly since the most recent wave of high-profile attacks.
“We’re starting to see genuine interest from British businesses who realise that the threat of digital criminality is something that affects their whole business and is not just an IT issue. As the number of avenues open to criminals in a hyper-connected world increases, it is more essential than ever that organisations think carefully about the actions they need to take to protect themselves and their customers as effectively as possible.”
Further key UK findings include:
Cost: In the UK, 40% of respondents estimated a successful cyber attack would cost their organisation more than £50 million, a further 10% of UK respondents said the cost would be more than £10 million.
Concern: when asked what they would be most concerned about in the event of a successful attack, the most common responses was loss of customer data (60% of respondents internationally), theft of intellectual property (43%) and reputational damage (35%).
Convergence: Organised groups of fraudsters were identified by respondents internationally as the most likely group to mount targeted cyber attacks. Of those respondents who had encountered cyber-enabled fraud, 77% of UK respondents expect cyber to play a greater role in financial fraud.
Crisis Plans: 30% of UK organisations surveyed did not have, or were unaware of, crisis plans in the event of a cyber attack on their company. Of those respondents who did have crisis plans, 60% of UK respondents thought their companies’ plans were well publicised.
Change: Majority of respondents internationally think that new business practices such as greater use of Mobile Technologies (71% of respondents) and Critical Operating Systems (69%) represent a significant cyber risk to their organisation.
The full report can be found at: http://www.baesystems.com/ai/cyberthreat