Survey by FICO and Ovum reveals lack of data breach response plans

Highlights:

• 53 percent of UK executives surveyed believe the number of data breach attempts will be higher in a year, but fewer than half the executives surveyed believe their company will have stronger cybersecurity protection in a year
• Just 48 percent say their investment in cybersecurity will rise in the next year
• Only 41 percent of firms surveyed have a tested data breach response plan, compared to 52 percent in the US
• Ovum conducted telephone surveys for FICO of security executives at 350 companies in the UK and other countries

Less than half of UK firms will increase their investment in cybersecurity protection to match an expected rise in data breaches, according to a new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO. Less than half of executives surveyed believe their company will have stronger cybersecurity protection in a year.

FICO will host a Tweet Chat on the cybersecurity survey with Ovum on 1st June at 16:00 BST. Individuals are encouraged to participate using #cybertrends.

In the survey, 58 percent of senior executives responsible for security at UK firms said that the number of data breach attempts had risen in the last year, and 53 percent expected a further rise in the next year. Among telecommunications firms, 75 percent expected data breaches to rise in the next year.

However, less than half of respondents – 48 percent – said that their level of investment in cybersecurity will increase over the coming year. Similarly, only 49 percent of respondents said their overall cybersecurity position will be better in a year.

“Given the rise in data breaches, it’s surprising that less than half of the firms we surveyed are increasing their investment, or expect to have a stronger cybersecurity position in a year,” said Steve Hadaway, FICO general manager for Europe, the Middle East and Africa. “We are in a technological arms race with the criminals, and standing still will give criminals the advantage. Our survey did show that a higher percentage of financial services firms — 67 percent — plan to increase their cybersecurity investment in the next year.”

Security executives named a number of priorities for their cybersecurity initiatives, including better endpoint protection, more firewalls, and greater use of analytics and security intelligence.

One gap noted in existing defences is data breach response plans. While 63 percent of UK respondents have existing monitoring, scoring, and reporting services, and 71 percent have board-level reporting, only 41 percent have a tested data breach response plan. By comparison, 52 percent of US respondents have a tested plan.

“A data breach can be a make-or-break moment for a company,” said Andrew Kellett, principal analyst for IT security, who conducted the research for Ovum. “Your speed of response and your ability to maintain your customers’ trust determines the extent of both financial and reputational loss. If you haven’t tested your response plan, you are putting your firm at greater risk.”

Ovum conducted the survey for FICO through telephone interviews with 350 CXOs and senior security officers in 150 companies based in the US, Canada, the UK and the Nordics in March and April 2017. Respondents represented firms in financial services, telecommunications, retail, ecommerce and media service providers.