67% of UK-based firms feel cyber security worries prevent new tech adoption

Over two-thirds (67%) of British companies feel that cyber security concerns prevent them from adopting new technology to grow their business faster. That’s according to a new report from EY based on a survey of 175 C-Suite executives at UK-based organisations. Cloud computing and the Internet of Things (IoT) are the two technologies perceived to pose the greatest cyber security risks.

Mike Maddison, EMEIA cyber security advisory leader at EY, observed: “There’ pressure for companies to compete in the technology arms race, but cyber security fears are sometimes thwarting adoption in important areas such as cloud computing, blockchain, Artificial Intelligence and the IoT. This is illustrated in the concerns of our survey respondents, as 42% of technology and business leaders feel that they’re lagging behind their competitors in the adoption of new technology.”

Maddison continued: “In recent years, the rate and pace of technological advances, regulatory change, cyber attacks and data breaches have moved cyber security rapidly up the corporate agenda. Protection and prevention are still paramount yet, to stay ahead of these evolving trends, organisations need to start thinking differently about cyber security. Business leaders need to make the leap from seeing cyber security as only a protective measure to it also being a strategic value driver.”

Furthermore, 83% of the surveyed organisations feel there’s industry pressure to display good levels of cyber security. More than three-quarters (76%) believe that having a cyber secure brand is now important for helping to build competitive advantage.

Divisions at Board level 

The report finds that, across many organisations, the views of Chief Information Officers and those of other Board members around cyber security are not yet aligned. Business leaders such as the CEO, the CFO and the COO tend to be less confident about their organisation’s cyber security posture than those with direct responsibility for IT and technology such as the CIO and Chief Information Security Officer.

In addition, technology leaders are more likely to believe it’s important for competitive advantage to have a cyber-secure brand (82%) compared to only 68% of business leaders.

More than half (57%) of business leaders and exactly half (50%) of technology leaders cite a lack of business sponsorship as the biggest barrier to improving their organisation’s cyber security. Views differ further on how to secure and embed that engagement. Technology leaders are more likely to focus on accountability. A majority (58%) suggest that giving an individual Board member overall responsibility for cyber security would have the greatest impact. Meanwhile, business leaders are more interested in strategy, with 64% believing the biggest gains would come from making cyber security more of a strategic priority.

Levels vary across sectors 

According to the survey, cyber security maturity levels vary significantly across sectors. The perceived value of cyber security is higher in the sectors with more direct interaction with consumers and where higher levels of personal data are held.

Respondents from the technology, media and telecoms sector had the highest levels of Board awareness, the largest planned investments in cyber security and the fewest concerns around cyber security as a barrier to adopting new technology to grow their business. In addition, 96% said they believe their Boards know how to quantify cyber security risks and 80% have a Board member with direct expertise in cyber security.

Survey respondents from the retail sector were unanimous in their belief that a cyber secure brand is important for competitive advantage. Evidence of this is that 80% of the retailers surveyed plan to increase their cyber security spending by between 15% and 25% over 2019.

Respondents from infrastructure companies are investing less money in cyber security than other sectors. Some 60% of infrastructure sector respondents invest 5% or less of their total IT budget in cyber security, with 56% not planning to raise spending during 2019.

Lack of accountability 

One route to a sharper cyber security focus is to strengthen responsibility. According to EY’s survey, more than half (57%) of organisations don’t have a Board member with direct expertise in cyber security, and nearly two-thirds (67%) don’t believe one is needed.

On that note, Mike Maddison concluded: “Although direct Board expertise in cyber security may not be needed, Board-level understanding of the risks posed to the business is needed for a stronger cyber security posture. In addition, for more than half (53%) of those organisations surveyed, a lack of business ownership is seen as the biggest barrier to improving cyber security.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts