Only four per cent of UK organisations have IT security functions that fully meet their needs, a new survey released by one of the "big four" international professional services firms, Ernst & Young, claims.
Ernst & Young's 16th annual Global Information Security Survey asks 1,900 senior executives worldwide about cyber security within their business. This includes the level of awareness and actions taken by the firms to thwart attacks.
Further reading Not enough cyber warriors to fight computer hackers, says former White House security chief Ex-NSA CIO blasts US government's 'terrible' cyber security - and companies aren't much better Banks to undergo extensive cyber threat test Impact of cyber crime rockets as costs and resolution times soar - HP report NSA chief talks up need for cyber security legislation World needs 21 million cyber security professionals - but there's only 3,000 now, warns expert
In the UK, 96 per cent of respondents feared that their information security functions did not fully meet their needs, while 66 per cent reported that security incidents within their organisation had increased by at least five per cent over the past 12 months.
Worldwide, 69 per cent of respondents claimed that budget constraints was a key factor that hindered the fight against cyber-threats, while 66 per cent believed that a lack of skilled personnel was to blame. More than a quarter of participants (28 per cent) indicated a lack of executive awareness or support as an issue.
"A lack of skilled talent is a global issue. It is particularly acute in the UK, where government and companies are fiercely competing to recruit the brightest talent to their teams from a very small pool," said Mark Brown, information security director at Ernst & Young.
"As a result, while organisations feel they are addressing the right priorities, many indicate that they do not have the skilled resources to support their needs," he added.
Brown advised firms to place greater emphasis on improving employee awareness.
"The pace of technology evolution will only accelerate – as will the cyber risks – and by not considering risks until they arise gives cyber attackers the advantage, jeopardising an organisation's survival," he said.
He added that UK businesses that have suffered an attack must learn lessons from the experience.
