Only four per cent of UK organisations have IT security functions that fully meet their needs, a new survey released by one of the "big four" international professional services firms, Ernst & Young, claims.
Ernst & Young's 16th annual Global Information Security Survey asks 1,900 senior executives worldwide about cyber security within their business. This includes the level of awareness and actions taken by the firms to thwart attacks.
In the UK, 96 per cent of respondents feared that their information security functions did not fully meet their needs, while 66 per cent reported that security incidents within their organisation had increased by at least five per cent over the past 12 months.
Worldwide, 69 per cent of respondents claimed that budget constraints was a key factor that hindered the fight against cyber-threats, while 66 per cent believed that a lack of skilled personnel was to blame. More than a quarter of participants (28 per cent) indicated a lack of executive awareness or support as an issue.
"A lack of skilled talent is a global issue. It is particularly acute in the UK, where government and companies are fiercely competing to recruit the brightest talent to their teams from a very small pool," said Mark Brown, information security director at Ernst & Young.
"As a result, while organisations feel they are addressing the right priorities, many indicate that they do not have the skilled resources to support their needs," he added.
Brown advised firms to place greater emphasis on improving employee awareness.
"The pace of technology evolution will only accelerate – as will the cyber risks – and by not considering risks until they arise gives cyber attackers the advantage, jeopardising an organisation's survival," he said.
He added that UK businesses that have suffered an attack must learn lessons from the experience.
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy