“Cyber security budgets on the rise, but not in line with increasing threats” warns IISP via Member Survey

The Institute of Information Security Professionals (IISP) has announced the findings from its 2016 Member Survey. With over 2,500 members working in security across a wide range of industries and roles, including a significant proportion at senior/lead/CISO level, the results of the IISP study provide an accurate snapshot of the state of the UK’s cyber security landscape from those working on the front line.

The Member Survey reveals that, for over two thirds of those questioned, information security budgets have increased, while a further 15% said that they had remained the same. These are encouraging figures, but they do have to be examined alongside increasing risk.

The Member Survey also finds that 60% of respondents feel that budgets are still not keeping pace with the rise in the level of threats. Only 7% of security professionals report that budgets are rising faster than the level of threat.

“In times of financial pressure or instability, security is often seen as a supporting function or an overhead,” explained Piers Wilson, director at IISP. “Security budgets are hard won because they’re about protection against future issues, and so they’re a pretty good indication of the state of risk awareness in the wider business community. While it’s good news that businesses are increasing their investment, it’s clear that spending on security isn’t at a level that matches the changing threat landscape.”

Staff training and development

The IISP Member Survey finds that, when it comes to recruitment, there’s still a skills shortage. The problem, though, doesn’t just lie in the number of people. Respondents point towards a shortfall in the level of skills and experience, making staff training, development and retention crucial to the future of the industry.

The question: ‘As an industry, are we getting better or worse at defending systems from attack and protecting data?’ generated encouraging responses, with only 10% thinking that protection levels are declining.

With growing recognition that, despite every control and safeguard, a determined attacker will always be able to find a hole in the armour, the IISP Member Survey looked at incident response. Again, this resulted in a fairly positive picture with an impressive 49% reporting improvement.

Overall, the results of the IISP Member Survey show that there are growing challenges from more types of attack, more sources of threats, a greater reliance on increasingly complex IT systems, a shortage of effective security staff and a regulatory environment that’s both fluid and challenging.

However, the heightened awareness of security risks and the impacts of a breach are driving an increase in investment, skills, experience, education and professionalism.

“While there’s clearly much more work to be done,” concluded Piers Wilson, “the results of the IISP Member Survey are encouraging.”

*A copy of the IISP White Paper on the detailed results of the Member Survey is available at: http://IISP.informz.net/IISP/data/images/WhitePaperWebsite.pdf

Alert for businesses as cyber attacks set to double crime figures

Businesses have been alerted to protect themselves from increasingly sophisticated cyber criminals amid concerns that attacks are set to double the national crime figures.

Nick Marlow, director at Minster Micro Computers, has issued the warning, stating that businesses are under ‘extreme risk’ as criminals create ways in which to simultaneously hack thousands of global IT systems.

The alert comes amid concern that crime statistics for England and Wales will double when the Office for National Statistics (ONS) begins to include the category of cyber crime alongside other forms of criminality (such as burglary) when it publishes its Crime Survey on 21 July.

A field trial conducted by the ONS last summer found 2.5 million incidents of ‘computer misuse’ affecting 46 out of every 1,000 adults in England and Wales.

Nick Marlow


“Viruses and other malware are constantly evolving, but the blunt truth for any business here in the UK is that if it doesn’t have adequate protection through properly deployed anti-virus software then the organisation will be attacked,” explained Marlow in conversation with Risk UK. “Online criminals are becoming increasingly sophisticated, and this means businesses could have their systems affected even if they’re not the intended target.”

Marlow added: “There are countless examples of where businesses have unintentionally sent spam e-mails to customers and compromised their security, personal information and reputation. Even worse, there’s a growing trend of businesses having their files encrypted and held to ransom. That’s just the tip of the iceberg.”

To combat the cyber criminals, Marlow insisted companies need to be proactive and carry out a full review of their network security, identify their potential failure points and review any disaster recovery plans in place.

“All desktop computers, laptops, mobile devices and servers connected to a network have to be protected,” urged Marlow. “Statistics show that people are more likely to be attacked through their computer than in person. It’s frightening but true, and that’s why businesses and individuals must take action, protect themselves with robust and more sophisticated anti-virus software and really fight back against the cyber criminals.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications’ dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
