Security is not a top priority for UK firms seeking business benefits from digital transformation projects, according to a survey of 530 decision-makers.
Only 24% of respondents from a range of different-sized UK businesses said they were prioritising security in new technology investments.
Despite the European Union’s General Data Protection Regulation (GDPR), only a third (34%) of respondents said regulatory change was triggering the purchase of new technology in their organisation, according to the 2019 Digital business report by UK software and services firm Advanced.
“The GDPR should have been a wake-up call for organisations to better protect their customers’ personal data, but many businesses are still failing to take security seriously,” said Justin Young, director of security and compliance at Advanced.
“Information security is important – not only because it can improve customer confidence, support good data governance and demonstrate compliance with the GDPR, but also because it is actually a key driver to achieving successful digital transformation. In fact, no technology should be implemented without understanding its security implications.”
And yet, the report shows that only 53% of organisations polled have a security strategy in place, with more than a third of survey respondents saying security concerns are holding them back from achieving a successful digital strategy.
Justin Young, Advanced
While it’s unclear from the research what the concerns and barriers are, the report said a large number of reports suggest a skills shortage could be to blame. The latest (ISC)² Cybersecurity workforce study, for example, states that 63% of organisations have a shortage of IT staff dedicated to cyber security, with 59% at moderate or extreme risk of cyber security attacks as a result.
“What is clear, however, is that organisations need to act now,” said Young. “They need to work out what skills they do have in-house to manage the basics, work out what to outsource if necessary, and prioritise raising awareness across the rest of the workforce.
“Ultimately, every cyber security strategy must start with educating people that a company’s data is sensitive – and this education must not stop. This means IT and security leaders continually need to ensure a culture of responsibility is adopted at all levels,” he said.
The need for improved cyber security was further underlined in April 2019 by the Hiscox cyber readiness report 2019, which showed that 61% of more than 5,400 small, medium and large businesses across seven countries, including the UK, reported a cyber attack in the past year, up from 45% the previous year.
Similarly, the UK government’s Cyber security breaches survey, also published in April, found that 32% of all businesses and 60% of medium-sized ﬁrms had identiﬁed breaches or attacks in the previous year.