February 2014

BT Cyber Security
Research
Summary

Based on 500 hundred interviews with IT decision-makers in enterprise-s...
many threats
urrently, both
us and nonsm are
ity to pose
coming 12

ber security is
for

February 2014

BT Cyber Security
...
Upcoming SlideShare
Loading in...5
×

BT Cyber Security Research: Executive Summary

541

Published on

The research provides an insight into the ever-changing cyber threat landscape and the challenge this poses for organisations globally. Crucially, it reveals that the risks to business are moving too fast for a purely reactive security approach to be successful. It also highlights the need for CEOs and board level executives to invest in cyber security and educate people throughout their organisation.
To learn more about this research and find out how BT is working with customers to ensure they are fully protected against threats, visit www.bt.com/btassure/securitythatmatters

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
541
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

BT Cyber Security Research: Executive Summary

  1. 1. February 2014 BT Cyber Security Research Summary Based on 500 hundred interviews with IT decision-makers in enterprise-sized organisations across seven countries – UK, France, Germany, USA, Brazil, Hong Kong and Singapore – and in a range of sectors – finance, pharmaceutical, retail and government – this research assesses attitudes to cyber security, emerging threats and levels of preparedness. It provides an insight into the ever-changing cyber threat landscape and the challenge this poses for organisations globally. Crucially, it reveals that the risks to business are moving too fast for a purely reactive security approach to be successful. It also highlights the need for CEOs and board level executives to invest in cyber security and educate people throughout their organisation. Organisations have some way to go in terms of shared security responsibility... • he majority of IT decision-makers (ITDMs) believe that CEOs T and board members are underestimating the significance that cyber security plays in their organisation. Graph 1 and 2 • nder a third (30 per cent) of business leaders globally see U cyber security as an absolute priority. This increases to 52 per cent in Brazil and 41 per cent in the US but drops to 17 per cent in the UK and 19 per cent in Germany. Respondents that believe the CEO’s attitude towards cyber security is “protection against cyberattack is an absolute priority” (BASE: all respondents) Europe • ess than a quarter (23 per cent) of those outside the IT L department are viewed as taking IT security very seriously, and even fewer (18 per cent) always assess projects with cyber security in mind. • his confirms that responsibility for IT security is not shared T equally across all facets of the business. CIOs as cyber defenders • he CIO/IT director takes ultimate responsibility for cyber T security in the majority of organisations, and is expected to assume different roles in the event of a security breach. • hree quarters (75 per cent) of ITDMs claim that the CIO/IT T director has ultimate responsibility for IT security compared to 9 per cent who see this as sitting with the CEO. 20% • third (33 per cent) of ITDMs believe that they are ultimately A 42% accountable if cyber security results in something going wrong. Americas 44% APAC 58% A re-balancing act • any organisations are looking to redress imbalance through M education. The majority (58 per cent) of organisations are currently training senior decision-makers in IT security. This increases to 86 per cent in the US and 70 per cent in Brazil but No drops to Yes per cent in the UK and 40 per cent in Singapore. 37 28% • ore than half (58 per cent) of ITDMs globally say their M boards underestimate the importance of cyber-security. Respondents that believe the CEO’s attitude towards cyber security is “protection against cyber-attackUS and 68 per cent in This increases to 74 per cent in the is an absolute priority” (BASE: all respondents) Hong Kong, but drops to 32 per cent in Germany and 50 per cent in Brazil. “Do you think the board in your company underestimates the importance of cyber security?” (BASE: all respondents) © British Telecommunications plc • lobally 31 per cent are planning to introduce cyber security G cent in Singapore and 48 per cent in Germany. “Do you think the board in your company underestimates the training in the future. This jumps to 50 per importance of cyber security?” (BASE: all respondents) • his shows that education in cyber security is becoming the T norm for those outside of the IT department, and implies a renewed shared responsibility across organisations. 1 Return on investment • lobally two thirds (66 per cent) of businesses are able to measure G the ROI of their organisation’s cyber security measures. This increases to 90 per cent in the US and 88 per cent in Germany but drops to 21 per cent in the UK and 34 per cent in Singapore. 42% 58% Yes No “Do you think the board in your company underestimates the importance of cyber security?” (BASE: all respondents) There are a multitude of concerns and security threats… • on-malicious insider threats – e.g. accidental loss of data – are N the most commonly cited security concern, being reported by 65 per cent of ITDMs globally. This is followed by hacktivism (63 per cent), malicious insider threat – e.g. intentional leaks – (63 per cent) and organised crime (53 per cent).
  2. 2. many threats urrently, both us and nonsm are ity to pose coming 12 ber security is for February 2014 BT Cyber Security Research Summary • ithin countries, attitudes to threats vary significantly. In the W US, the proportion who see non-malicious insider threats as a risk increases to 85 per cent and is followed by malicious insider threat (79 per cent), hacktivism (77 per cent), organised crime (75 per cent), terrorism (72 per cent) and nation states (70 per cent). In the UK, 60 per cent view non-malicious insider threats as a risk, followed by malicious insider threat (51 per cent), hacktivism (37 per cent), organised crime (32 per cent), nation states (15 per cent) and terrorism (12 per cent). • lobally, over half of ITDMs believe that hacktivism (54 per G cent) and malicious insider threat (53 per cent) will pose more risk over the next twelve months. • errorism is seen as the threat least likely to pose more risk T over the next twelve months, with only 38 per cent believing it will pose more risk. Threats posing risk now and posing more risk over the coming year (BASE: all respondents) 65% Non-malicious insider threat (e.g. accidental loss of data) 51% 63% Hacktivism 54% 53% 53% 47% Organised crime 39% 38% Terrorism Posing risk now • Retail is also furthest ahead when it comes to sharing responsibility and assessing new projects with cyber security being built in. • Almost half (49 per cent) of ITDMs in the retail sector think colleagues outside of the security and IT departments take their work in cyber security very seriously. This drops to 31 per cent in finance, 10 per cent in government and just 7 per cent in the pharmaceutical sector. • per cent of retail ITDMs claim that fellow senior level 35 executives recognise the need to assess all new projects with cyber security in mind. This compares to 24 per cent in finance and 13 per cent in government. • per cent of organisations working in the pharmaceutical 80 sector and 79 per cent in retail are able to measure the ROI of their cyber security measures compared to 48 per cent in government. 45% 39% Nation state • per cent of retail CEOs see cyber security as an absolute 43 priority, compared to 13 per cent of those working in pharma and 28 per cent in finance. • per cent of retail organisations are currently training 63 senior decision-makers in IT security followed closely by 62 per cent in government and 60 per cent in finance. 63% Malicious insider threat (e.g. intentional leaks) Sector perspectives Posing more risk over the next 12 months HowThreatssecuritynow and posing more risk over the are posing risk threats being dealt with? coming year (BASE: all respondents) • n response to emerging threats, three quarters (75 per cent) I of ITDMs globally say they would like to overhaul their IT 2 infrastructure and design it with security features from the ground up. • ust under three quarters (74 per cent) would like to train all J staff in cyber security best practice. • hile just over half (54 per cent) say they would like to engage an W external vendor to monitor their IT systems and prevent attacks. Graph 4 • per cent ITDMs working in finance see non-malicious 76 insider threats – e.g. accidental loss of data – as the biggest security concern compared to 43 per cent in pharmaceutical. 72 per cent of retail sector ITDMs see malicious insider threat as their biggest security challenge. • Hacktivism is the second biggest security concern for ITDMs in retail, government, pharmaceutical and finance. 72 per cent of retail sector ITDMs and 58 per cent in finance think that hacktivism will pose more risk over the next twelve months. • response to emerging threats, three quarters (87 per cent) In of government sector IT decision-makers globally say they The vast majority (75%) see an overhaul of would like to overhaul their IT infrastructure and design it with infrastructure as a way to protect security features from the ground up compared to 74 per cent themselves against security threats, followed closely by training in finance and 61 per cent in the pharmaceutical sector. all staff in cyber “In an ideal world, what would you do to protect your organisation from cyber-threats?” - answers ranked first, second and third (BASE: all respondents) Overhaul our infrastructure and design them with security features from the ground up 75% Training all staff in cyber security best practice 74% Engaging an external vendor to monitor the system and prevent attacks 54% Improve whitelisting policies 49% Increase the use of virtualised environments 47% Other 1% “In an ideal world, what would you do to protect your organisation from cyber-threats?” - answers ranked first, second and third (BASE: all respondents) security (74%) Both methods require a re-education of the business and its practices,learn more about this research and find out how To though a complete overhaul is a more severe and BT is working with customers to ensure they are fully expensive reaction. Training is less disruptive and more feasible, whichagainst threats, visit protected explains its popularity www.bt.com/btassure/securitythatmatters This being said, both methods highlight how organisations need to change in order to deal with numerous security threats

×