More than a third of UK cyber security pros say their companies were attacked in 2015

Most infosec pros reported that phishing or social engineering were the form of attack

More than a third (36 per cent) of UK cyber security professionals said that their business was hit by an IT security incident in 2015, according to a survey of nearly 200 IT security professionals by recruitment firm Harvey Nash.

In contrast, at Computing's Security & Risk Management Summit 2015, 85 per cent of our delegates said that they had been attacked in the last year, with 13 per cent stating they had been attacked in the last three months.

In its survey, Harvey Nash found that most senior information security professionals (73 per cent) reported that phishing or social engineering was the form of attack their firms experienced, while 53 per cent reported a virus or malware outbreak. Almost a quarter (24 per cent) of information security professionals said that their firms had experienced a denial-of-service or distributed denial-of-service (DDoS) attack. Some of the findings echoed the results of Computing's own in-depth research.

According to Harvey Nash, in more than half (56 per cent) of these security incidents, there was a loss of revenue or profit, and in more than a third (35 per cent) a loss of customer confidence inflicted "less tangible but equally serious damage".

In the same report, Harvey Nash reveals that 73 per cent of senior information security professionals rate a lack of a security-aware culture as most critical to information security success.

"It appears that more lip service is being employed than actual experts on the ground who can deliver information security cultural change," said Stephanie Crates, head of London information security practice at Harvey Nash.

However, this doesn't mean that organisations aren't trying to get up to speed: 89 per cent of senior information security professionals say their organisation is committed to developing and maintaining an information security-aware culture. Incidentally, seven per cent said that their organisation was not committed to doing this, while four per cent said they didn't know.

The report also found that 45 per cent of cyber security professionals believed that their board of directors has a major gap in its understanding of cyber risk, or doesn't understand the risk at all. Many IT security pros felt the same way about CEOs, CFOs, CMOs and COOs.