UK companies are not taking cyber security as seriously as their US counterparts, who are not only more aware of cyber threats – both malicious and accidental – but provide more training to senior executives about the potential risks.
That is according to research by Vanson Bourne on behalf of BT, which suggests that the failure to address cyber security concerns is a global issue, with the UK lagging behind the likes of the US, France, Germany and Singapore.
Just 17 per cent of UK IT decision makers said cyber security was a major priority for their organisation, compared with 41 per cent in the US. Brazil topped the list of countries where businesses were most concerned about cyber security, with 52 per cent of respondents suggesting their organisation is treating it as a major threat.
However, it is not cyber criminals or hackers who are perceived to be the biggest threat to cyber security, but employees within the organisation. Globally, 65 per cent of respondents to BT's survey suggested non-malicious insider threats such as accidental loss of data was the biggest cyber threat.
Nonetheless, IT decision makers are still well aware of the more nefarious threats which hackers and cyber criminals pose with 63 per cent citing hacktivism as a security concern. The exact same percentage of those surveyed see malicious insider threats, such as the intentional leaking of data by employees as a security risk.
Organised crime is seen as a cyber-threat by 53 per cent of those who responded to the survey, while 45 per cent fear cyber espionage from governments and nation states. Thirty-nine per cent perceived cyber terrorism to be a risk to their organisation.
Respondents in the US perceived threats to be much more apparent, with more instances of proper cyber security training provided to the board, with 86 per cent of US directors and senior decision makers given IT security training. That compares with just 37 per cent in the UK.
"The research provides a fascinating insight into the changing threat landscape and the challenge this poses for organisations globally," said Mark Hughes, CEO of BT Security.
"The massive expansion of employee-owned devices, cloud computing and extranets, have multiplied the risk of abuse and attack, leaving organisations exposed to myriad internal and external threats – malicious and accidental."
Hughes specifically praised businesses in the US for being more aware about cyber threats than their counterparts across the globe.
"US businesses should be celebrated for putting cyber security on the front foot," he said. "The risks to business are moving too fast for a purely reactive security approach to be successful. Nor should cyber security be seen as an issue for the IT department alone.
"As the threat landscape continues to evolve, CEOs and board-level executives need to invest in cyber security and educate their people in the IT department and beyond. The stakes are too high for cyber security to be pushed to the bottom of the pile."