CIO’s see security budget increase to tackle cyber threat
More than half of CIOs in the CIO 100 said their organisation had detected a cyber intrusion in the last 12 months, with a massive 95% responding security had risen up their management agenda – although not as many were seeing a corresponding increase in their budget to support this.
Some 56% of CIOs in the 2015 CIO 100 across industry – including local government, charities, retail, financial services, utilities, the NHS, media, universities, and manufacturing – responded they had detected a security breach in the last year, showing the cyber threat is a constant worry for CIOs whether you are supporting underprivileged children and aid workers worldwide, handling billions of pounds in financial assets, protecting intellectual property in the pharmaceutical industry, selling top-end boutique men’s fashion or serving millions of healthcare patients in the UK.
And while 19 in 20 said cyber security had risen up their management agenda and 91% responded that they felt their organisation fully understood the threat posed by cyber intrusions, 73% also revealed cyber concerns had led to an increase in their security budget.
John Dunn, security editor on CIO UK’s sister title Techworld, said that the period « when security breaches were looked upon as a theoretical issue, a sort of worst case scenario that might come to pass but probably won’t » was long gone, and that in particular the number of high-profile breaches since 2013 have punctured this complacency.
« It’s no surprise that 95% of respondents said cybersecurity had risen up the organisational agenda, » Dunn said, « nor that nine out of 10 have come to terms with the possible damage. But does this necessarily mean the issue is being taken seriously at last?
« Budgets appear to be rising – almost three quarters reported this – but still over half admitted to having detected an intrusion in the previous 12 months. Detection is always better than non-detection but the fact that half of those asked had suffered a breach, even one they know had occurred, is still extraordinary. That means that large numbers of firms are suffering anything from micro-breaches to more serious incidents. »
Dunn noted that local government, the NHS and public sector bodies were well represented in the 27% who responded they would not be seeing more budget to deal with the cyber threat, and also that the CIO 100 revelations only really scratch the surface of the problem.
« As one might expect, things are a bit worse in the public sector, strapped for cash and under incredibly scrutiny, » he said. « Nobody hear wants to fail, nor can afford the publicity that would bring. There is fear in the air.
« However, there is still no way of estimating the seriousness of these events. There is no way of gaining visibility on what is happening inside UK organisations; where breaches are covered by the Data Protection Act which is considered best practice.
« Until we gain that visibility through mandated reporting to someone, even if anonymous, the outside world has no way of understanding the size of the problem faced by the economy. »