Freely subscribe to our NEWSLETTER

In an ever-evolving cyberthreat landscape, there is great pressure on those tasked with maintaining IT security to put in place policies and solutions that keep organisations and the data they hold secure. Alongside the threat to privacy, the financial risk for businesses is immense, with data showing the average cost of a data breach now to be around £3 million per incident[1].

Despite the inherent risks of being complacent, many IT security decision-makers are failing to implement effective measures to protect customer data from cyberattacks. For instance, more than half (57%) say they do not currently have a cybersecurity policy in place – rising to more than two-thirds (71%) of medium-sized businesses (250 to 549 employees). Just four-in-ten (41%) businesses surveyed believe their organisation is protected with robust endpoint security.

Alongside security, consumer confidence is vital to the growth and maintenance of increasingly interconnected businesses. The majority of IT security decision makers (69%) are concerned they would lose customers following a data breach, while 74% of survey respondents believe that being perceived as cyber-complacent would be damaging to business.

However, this concern is not translating into appropriate action, with cyber-complacency having an affect on the regularity of risk assessments carried out by UK businesses. With the nature of threats constantly evolving, Kaspersky recommends that companies conduct a cyber-risk assessment at least every six months to ensure policies and safeguards are up to date and fit for purpose. As shown in a recent Kaspersky report –The true cost of cyber-complacency: UK businesses cannot afford failure when protecting customer data – only 38% of respondents in this new survey do this in practice, making it unsurprising that almost half (47%) experienced at least one cyberattack in the last 24 months.

“Being complacent with cybersecurity, and customer data, can be incredibly costly. Along with losing sensitive information, a data breach affects business revenues, customer confidence and reputations,” comments David Emm, Principal Security Researcher at Kaspersky.

“There have been many examples in recent years of household brands suffering data breaches, showing that even the most renowned businesses are at risk. For many organisations, the ramifications of a breach could be irreversible. This is why we urge business and organisations of all sizes to adopt robust cybersecurity policies, taking expertise where needed to ensure they have the best preventative measures in place.”
With 61% of IT security decision-makers thinking it is likely that their organisation will face one or more cyberattacks over the next two years, Kaspersky recommends the following advice to help protect organisations:

• Conduct regular cybersecurity assessments to review policies and services – ideally every six months
• Invest in and regularly update robust endpoint security solutions that offer effective protection against the latest cyberthreats
• Organise frequent cybersecurity training for IT staff, so they are aware of the organisation’s policy and solutions.

Research methodology
Kaspersky commissioned independent market research agency Arlington Research to undertake quantitative research amongst 200 IT security decision makers across the UK from organisations with 50 to 5,000+ employees, to explore the extent of UK organisations’ cyber-complacency.