Five years into the UK’s national cybersecurity overhaul, an astonishing 60 percent of CTOs think that the Government has done a poor job of protecting firms from attack, a survey by the Centre for Economics and Business Research (CEBR) has found.
The Veracode-sponsored report doesn’t delve into the reasons behind this finding, but C-level executives varied in their responses, with CTOs the most unhappy and only one in ten giving it a firm thumbs up. CEOs and CTO were significantly less negative without being overwhelmingly positive either.
The report, based on 201 respondents, does contain a welter of third-party evidence supporting the sceptical attitude, including that 15 percent of firms believed they had lost revenue as a result of a cyberattack, with some sectors attacked far more than others.
Just over 50 percent named the direct clean-up costs as the main expense, with just under half also mentioning reputational damage. Loss of revenue was mentioned by just over 40 percent, about the same number that believed internal morale had been affected or revenue hit.
Fifty-seven percent of CEOs held themselves responsible for a breach, ahead of IT contractors, compliance officers and CIOs.
But what might the UK Government have done differently to change some of this?
“The UK economy is under siege from cyber-attackers and the UK government should look to other successful private/public partnerships - such as Swiss banking regulations, German data privacy laws and US breach disclosure laws – as a model of how to improve the situation for us all,” said Adrian Beck, Veracode’s director of enterprise security program management.
“For example, disclosure laws would require firms to report breaches in a timely fashion, thereby protecting consumers from identity theft and encouraging companies to implement best practices when dealing with cybersecurity.”
Of course it’s not clear that senior executives would necessarily welcome more stringent disclosure laws even if they end up getting them in the form of the forthcoming EU General Data Protection Regulation.
A not very surprising 71 percent of respondents thought they would end up spending more on security in the next five years because of the fear of breaches and cyberattacks, with about the same number also believing that greater security was risking innovation on some level.
The survey also includes some speculative estimates as to the cost of breaches and attacks, including that firms have increased their spending by £16 billion to counter them. Adding lost revenue and raised spending, the figure of £34 billion emerges from the CEBR’s calculator. But most of these costs have rapidly become part of the business models for profit-making organisations and end up being passed to customers.