This is despite more than half (54%) seeing an increase in the threat level in the last 12 months, according to new research released today by KPMG. Just over a quarter (27%) say they have definitely taken out insurance against interruption of business by hackers, while only 27% say they know their organisations are insured against e-crime-related data loss.
Malcolm Marshall, UK Head of Information Security at KPMG, comments: “Businesses should be acutely aware of e-crime risks after various recent high-profile cyber attacks against big organisations. But they aren’t taking out insurance for a number of reasons. Not many out there know or understand what insurance is available. Many are also sceptical about the effectiveness of current policies and whether insurers will actually pay out against e-crime claims.”
KPMG and AKJ Associates surveyed 200 senior security decision makers from global businesses including FTSE 100 companies.
Lack of knowledge raises risk
Insufficient awareness of the increasingly unpredictable e-crime threat also appears to be hampering organisational response, the research finds.
Two fifths (41%) of organisations say their lack of knowledge of potential vulnerabilities is leaving them open to attack. As a result, half (51%) admit they don’t have, or don’t know whether their organisation has, a strategy for dealing with e-crime risk. More than half (58%) of CISOs are also experiencing problems prioritising detection, and a similar proportion (54%) have problems prioritising the investigation of e-crime incidents.
Marshall continues: “The threat landscape is changing by the day and it looks like organisations are floundering as they try to protect themselves. You need to act fast to create strategies that enable them to prevent, detect, respond and learn from attacks.”
New technology exposes new vulnerabilities
Compounding the e-crime threat, the report also found that companies are opening up new lines of attack as they attempt to capitalise on popular new business and consumer technologies.
Despite almost a third (29%) having already invested in cloud computing and two thirds (65%) in outsourcing, 69% agree that this activity presents the greatest security risk to their vital data. The majority (87%) also single out Software as a Service (SaaS) as increasing their vulnerability to security risks. Alarmingly, half also believe the internet in its current form does not provide a sustainable platform for e-commerce and e-service delivery. Other major risk-raisers identified include employees using the same devices for business and personal use (83%) and the use of consumer technology in the enterprise (92%), such as smart phones and tablets.
Marshall concludes: “While innovations like cloud and mobile computing deliver cost savings and efficiencies, security needs to be built in from the start to avoid the risks destroying the benefits.”
- ENDS -
Toby Brown, Clare Granville or Lauren Greatorex
Man Bites Dog
T: 01273 716 820
KPMG Press Office: +44 (0) 207 694 8773
KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with nearly 11,000 partners and staff. The UK firm recorded a turnover of £1.6 billion in the year ended September 2010. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. We operate in 150 countries and have more than 138,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. KPMG International provides no client services.
About the e-Crime Survey and Report
The content of this report, sponsored by KPMG, is based on the results of a survey that was conducted online and at the e-Crime Congress 2011 as well as a series of interviews conducted with senior security professionals working for global businesses.
The e-Crime 2011 Survey was completed by over 200 professionals, including a select group of KPMG clients. The results reflect the views of a cross-section of information security stakeholders working for departments that include IT, risk, audit, security, fraud, investigations and compliance. Their responsibilities include the design and coordination of strategy, ensuring data is protected from internal and external threats, meeting regulatory compliance requirements and running investigations. Survey data is presented in aggregate.
About AKJ Associates
AKJ Associates is a business information company that specialises in providing strategic and technical guidance in the areas of corporate risk and security management, and public sector security strategy. AKJ is the organising company behind the e-Crime congress events.
This article represents the views of the author only, and does not necessarily represent the views or professional advice of KPMG in the UK.