IT Security Survey Results: “Cybersecurity in 2016 and beyond”
IT security specialist Foursys this week released the results of a brand new cybersecurity survey. The survey reveals some interesting surprises, a few concerns and a worrying conclusion, with over 50% of respondents stating they are “not properly equipped” to deal with the threats ahead in 2016.
The poll, conducted in December 2015, set out to uncover perceptions, trends and attitudes among UK public and private organisations towards IT security.
Over 400 organisations of all sizes ranging in size from small SMEs to larger corporates and public sector organisations completed and returned the survey to Foursys.
The results make a fascinating report, which summarised in the form of an infographic titled “Cybersecurity in 2016 and Beyond”.
Over 30% of respondents stated that their organisation had either suffered a security breach in 2015 – or preferred not to say. Of the 15% that did disclose that they had suffered a breach, the majority pointed to malware and phishing as the biggest issues.
Interestingly, over 40% of those that suffered a security breach said it was a ransomware attack – meaning that one or more devices in their organisation had been subjected to malicious encryption pending a payment in return for an encryption key. This is a worrying figure.
Some 20% of the respondents who suffered a breach suffered “significant disruption to IT systems” or “data loss”, while 79% suffered other some form of disruption. The figures suggest that stronger measures need to be taken to ensure such breaches can be eliminated in the future.
Over 94% of those surveyed stated that their existing security solutions had prevented some form of malware during the year, with 12.6% using between 5 and 7 different security solutions to protect their network.
Looking ahead to 2016
More than 90% of respondents said they will either stick the same number of solutions or increase the number of point products they use, reflecting widespread concern among 73% of those surveyed about the increasing complexity of threats, the multiple types of malicious software attacks and the vectors and channels used.
A similar number said they also planned to maintain or boost their IT security staff numbers in 2016, with just over 85% saying their budgets would be increased or staying the same for the year.
Alarmingly, 43% of respondents said that the senior management teams of their organisations are largely unaware of IT security issues, showing that the importance and risk impact of security attacks such as hacking and data theft don’t appear have worked their way on to the boardroom agenda.
Many see this situation improving through the course of the year however.
The number of organisations planning to run their IT security without a dedicated full time security resource in place in 2016 is (58.5%), outnumbering those with plans to have full time resource in place (41.5%).
The biggest security challenge is seen as end-users, suggesting that education and training on cyber threats is still a major priority for organisations of all sizes. As a result, on top of the 34% of organisations who say they have a cyber security awareness programme in place, another 32% stated that they intend to put one in place in 2016.
Tellingly, over 50% of respondents feel they are not properly equipped to deal with the threats ahead in 2016.
Foursys Managing Director James Miller says: “This survey contains a few surprises, and one or two areas of real concern, not least the level of boardroom awareness of IT security issues.
It provides a fascinating snap shot of the state of IT security at the end of 2015 – I’m looking forward to seeing how things change during the year.”
Concerned about IT security at your organisation? Call Foursys on 01284 788900 to book a security consultation or reserve a place on an one-day ethical hacking course.