Half of IT decision makers have no real strategy to protect against digital crime even though 94% are aware of it. Instead they feel constrained and barely secure, a new report from BT and KPMG says.
The global report, Taking the Offensive – Working together to disrupt digital crime, found that only one fifth of respondents feel confident in their strategies to prevent digital blackmail and bribes - but 91% of organisations feel limited by resources, regulation and 44% feel limited by third party dependence.
Mark Hughes, CEO Security, BT, said: "The industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft. The twenty-first century cyber criminal is a ruthless and efficient entrepreneur, supported by a highly developed and rapidly evolving black market," says Mark Hughes, CEO security at BT.
The report states that 97% of respondents had experienced cyber attacks, half had experienced an increase in attack over the last two years.
"With cyber-crime continuing to escalate, a new approach to digital risk is needed – and that means putting yourself in the shoes of attackers. Businesses need to not only defend against cyber-attacks, but also disrupt the criminal organisations that launch those attacks. They should certainly work closer with law enforcement as well as partners in the cyber security marketplace," Hughes continues.
Chief Digital Risk Officers are becoming more commonplace, with 26% of respondents stating they have appointed somebody to the role. The report suggests that organisations are starting to take accountability more seriously.
The report also shares insight into the state of security budgets - 60% of respondents said their budget was shared with the overall IT budget, while 50% believe cyber security should have its own budget. The size and scale of security spending is one of the challenges and factors that dictate effective or ineffective cyber security, the report says.
"It's time to think differently about cyber risk – ditching the talk of hackers – and recognising that our businesses are being targeted by ruthless criminal entrepreneurs with business plans and extensive resources – intent on fraud, extortion or theft of hard won intellectual property," concludes Paul Taylor, UK head of cyber security at KPMG.