Risk:Value report reveals majority of UK senior executives expect to suffer a security breach but only 49% of all critical business data is secure
NTT Com Security research shows company insurance failing to cover for security beaches
London, UK; November 12 2014 – Senior executives within UK businesses say that critical data is not being protected, a new report from global information security and risk management company, NTT Com Security, shows. The global Risk:Value report, based on a survey of 800 business decision-makers (not in an IT role) in the UK, Australia, France, Germany, Hong Kong, Norway, Sweden and the US, shows that UK executives believe that less than half (49%) of their critical data is fully secure.
The report, designed to assess the level of risk within large organisations and the value that senior people place on data security, reveals that the majority (56%) of respondents in the UK agree they are likely to suffer a security breach at some point – which rises to 63% on average globally.
Nearly three-quarters (72%) believe it is vital that their organisation is insured for data security breaches, but only half (54%) admit their company insurance currently covers the financial impact of both data loss and a security breach.
Garry Sidaway, Senior Vice President Security Strategy & Alliances, NTT Com Security, says: “The results provide some real insight into the minds of non-IT executives about the value they place on the data in their business and whether they feel this data is at risk. The report shows a kind of ‘security maturity’ scale developing among businesses who value their data, but do not always recognise the risks to critical information. When asked what they associate with the term data security, only half say it is as ‘vital’, while less than a quarter see it as ‘a business enabler’.
“Unfortunately, security at the board level still tends be associated with data protection and compliance, when in fact securing data properly is absolutely critical to enabling businesses to thrive and survive. There’s also a growing disconnect between the cost of breaches and the importance that organisations place on IT security to drive these costs down.”
The report reveals that UK executives are also underestimating the impact of a security breach. Almost a fifth (19%) think there would be no significant impact on their revenue, while 28% admit they do not know what the financial implications would be. On average, however, UK companies estimate a drop in revenue of 7%. A quarter (24%) say it would take between one and three months to recover, with five months being the average in both the UK and across all eight countries.
The NTT Com Security Risk:Value report highlights four key areas: Data Policies, Data Security, Impact of a Data Security Breach and Personal Knowledge/Behaviour – key UK findings are below.
Data policies in the business
- A quarter of UK executives do not know how much of their IT budget is spent on data security – the highest of any country,
- Over half (52%) think data security is expensive, and 21% associate it with being disruptive.
- Just 6% see poor data security as the single greatest risk to their business, the lowest for all countries, except Australia – and well below the average of 9% across all eight countries.
- Less than half (49%) of UK respondents report that all critical datais ‘completely secure’ compared to 66% in the US and 54% in Australia. Hong Kong ranked lowest with just 29%.
- A third (34%) of UK executives rank consumer customer data as the most important data they need to protect, with business customer data 2nd (33%), and employee data 3rd (27%).
- Less than half (49%) think all their consumer and business customer data is completely secure.
Impact of a data security breach
- Just over half (54%) say their company insurance covers the financial impact of data loss or a security breach, higher than the average (48%) but lower than the US (71%) and Australia (57%).
- Over a third (38%) do not know what their company insurance covers in the event of a security breach or data loss – the highest percentage for any country except France (45%).
- 67% of UK companies have a business or disaster recovery plan in place in the event of a breach.
Personal knowledge and behaviour
- Only half (52%) of executives agree they are kept fully up to date by their IT security team about data attacks and potential threats – below the global average (59%) and one of the lowest figures for all eight countries.
- Nearly half (48%) of UK business decision makers depend upon their IT security team to allow them to use and access work-related data safely whatever device they are using, but a third (34%) see it as a joint responsibility between themselves and the security team.
- A fifth admit to using personal devices not approved by IT security for work purposes.
An infographic on the report’s main UK findings is available. Visit: http://bit.ly/1xoE6ql
To see how businesses across the global fared, visit: http://bit.ly/1u4NZtt.
To download the ‘NTT Com Security ‘Risk Value Analysis’ whitepaper, visit: http://bit.ly/1qCs6fL.
Join the discussion on Twitter: #riskvaluereport
NTT Com Security commissioned market research company Vanson Bourne to undertake an extensive survey of 800 senior business decision makers (not in an IT role) in Australia, France, Germany, Hong Kong, Norway, Sweden, UK and US (100 respondents in each country) in September 2014. Forty-five per cent of organisations had between 1001-5000 employees and 28% had more than 5000 employees. The majority (67%) had a global revenue of between $100 million and $10 billion, and 18% had global revenue of $10 billion+ per annum. Sectors included manufacturing, retail, banking/financial services, transport, healthcare, utilities, telecoms, oil & gas and government.
About NTT Com Security
NTT Com Security (formerly Integralis) is a global information security and risk management organisation, which delivers a portfolio of managed security, business infrastructure, consulting and technology integration services through its WideAngle brand. NTT Com Security helps organizations lower their IT costs and increase the depth of IT security protection, risk management, compliance and service availability. NTT Com Security AG, is headquartered in Ismaning, Germany and part of the NTT Communications Group, owned by NTT (Nippon Telegraph and Telephone Corporation), one of the largest telecommunications companies in the world.
For more information, visit http://www.nttcomsecurity.com