One-third of CIOs say their company has been hit by major cyber-attack in the past two years
Only one-fifth of IT leaders feel they're 'very well' prepared to respond to cyber attacks
Organisations are more vulnerable to cyber attack than ever before, with one-third of CIOs admitting that their organisation has been subject to a major cyber-attack in the past two years, according to the 2017 Harvey Nash/KPMG CIO Survey.
That is a 45 per cent increase from 2013.
The survey, which is now in its nineteenth year, found that only one in five IT leaders feel that they are ‘very well’ prepared to respond to cyber attacks, down from 29 per cent in 2014, suggesting both that the IT security threats that organisations face are rising, and that they are also falling behind in their efforts to respond.
Last year, Harvey Nash and KPMG asked respondents where the attacks were coming from. They were told that organised cyber-crime was their top concern, followed by amateur hackers. This year, the profile is unchanged, but the biggest jump in threats comes from insider attacks, increasing from 40 per cent to 47 per cent over the past year.
Larger companies are more at risk, suggests the survey, with more than half stating that they have suffered recent attacks. Utilities and government organisations receive the most attention from hackers, followed by the education, telecoms and pharmaceutical sectors.
Meanwhile, almost two-thirds of CIOs say that the wider political, business and economic environment has become more unpredictable and, as a result, they are adapting their technology strategy and plans.
That unpredictability is also having an impact on budget planning, with 49 per cent saying that they've had to find a way to work with restricted budgets, and 45 per cent saying that it has driven further investment in cyber security.
Unsurprisingly, CIOs at larger organisations are far more likely to invest in cyber security: 43 per cent of CIOs with an IT budget of less than $50m said they would invest more in cyber security to respond to change, while 55 per cent of IT leaders with a budget of $50m to $200m, and 53 per cent of CIOs with a budget of $200m or more said they would invest more in cyber security.
Meanwhile, CIOs' involvement at a strategic business level is increasing. In 2005, only 37 per cent of CIOs sat on their executive committee - that figure has now risen to 62 per cent. Meanwhile, more than three-quarters attended a board meeting within the last 12 months.
At these board meetings, CIOs give IT strategy updates (63 per cent), discuss a major technology investment (45 per cent) or talk about a digital transformation and disruption strategy (37 per cent). Cyber security (34 per cent) and explaining a major technology issue (15 per cent) are other popular discussion points during board attendance.
And, at the same time, chief information security officers (CISOs) are also rising to board level - with a remuneration package to match.