But unusually British companies tend to insure against data loss
Less than a third (31%) of UK companies plan to increase spending on information security over the next year compared to just over half (52%) of their global competitors.
That is according to the Global State of Information Security Survey, conducted by PricewaterhouseCoopers.
The apparent unpreparedness is despite the fact that 60% of UK respondents said economic conditions and the increased number of threats continue to drive information security spending. T
The survey sampled some 13,000 executives and information security professionals around the world, with 640 polled in the UK.
William Beer, director, OneSecurity practice, PricewaterhouseCoopers LLP, commented: “It is perhaps not too surprising that the challenging economic and business environment we're experiencing in the UK post-recession is having a negative impact on security spending. Yet such spending restraints may risk seriously undermine the ability of organisations to protect their most sensitive data.”
Outsourcing and supply chain concerns are also identified as significant drivers of security spending but again the UK is somewhat out of step with the global trend.
A larger proportion of UK respondents said their business partners (68%) and suppliers (66%) had been weakened by economic conditions.
The survey also comes up with the interesting finding that in the UK many companies are now using insurance as an innovative tool to protect themselves from theft or misuse of assets like sensitive data and customer records.
Over a third (38%) of UK respondents said their organisation has an insurance policy and a significant 83% said their company has collected on a claim (compared to just 13% globally).
Globally, the survey notes that over the last four years the business impacts – including financial losses as well as compromises to brands and reputations – have more than tripled in some cases (up by as much as 233%).
As if protecting data across applications, networks and mobile devices wasn’t complex enough, social networking is presenting companies with a new frontier of risk. Few, however, are adequately prepared to counter this threat.
In the UK, only 32% said their organisation has implemented the necessary technologies needed to support social networking and other Web 2.0 exchanges (blogs, wikis) which compares unfavourably with 60% globally.
William Beer, director, OneSecurity practice, PricewaterhouseCoopers LLP, continued: “Lack of focus on social networking can expose organisations to a variety of risks, including loss or leakage of information, damage to a company’s reputation, illegal downloading of pirated material, and identity theft. It’s not a passing fad and the real challenge will be how to integrate it with the more well-established operational models.”