Veracode, a leader in protecting enterprises from today’s pervasive Web and mobile application threats, today issued findings from a joint Cebr/Veracode study of over 200 C-level British executives revealing a significant gap between industry expectations and government cybersecurity performance.  According to Cebr, one of the UK’s leading independent commentators on economics and business trends, some 60% of CTOs feel the government is not doing enough to prevent cyberattacks.  In addition, the top three concerns of UK business executives are breach costs (including forensic, cleanup and legal costs), reputation and brand damage, and lost revenue due to downtime.

 

Cyberattacks pose a serious financial threat to the UK economy, according to the report. Cybercrime and other attacks cost UK businesses a total of £34 billion per year, consisting of £18 billion in lost revenue and £16 billion on increased IT spending as a result of breaches.  The issue is widespread, according to the Department for Business, Innovation and Skills (BIS), which found 81% of UK business suffered from a breach in 2014[1].

 

With cyberattacks predicted to cause much more damage in the future, according to the Royal United Service Institute (RUSI)2, businesses aren’t waiting for the government to rescue them.  More than half (57%) of CEOs hold themselves accountable for major cybersecurity incidents, and 88% of businesses have increased their annual IT spending following a cybersecurity breach.  However, 70% of CTOs also believe their current cybersecurity policies stifle innovation, which potentially indicates a need for more streamlined and automated risk assessments.

 

Surprisingly, respondents listed theft of corporate intellectual property (IP) as their sixth priority (second from last) in terms of top cybersecurity concerns.  This is in stark contrast to US perceptions, where board members ranked theft of IP – leading to loss of competitive advantage – amongst their top three cybersecurity worries3.  The UK result may indicate a lack of awareness by UK executives, given that 34% of cybercrime in UK businesses is tied to IP theft4.

 

“The UK economy is under siege from cyberattackers and the UK government should look to other successful private/public partnerships – such as Swiss banking regulations, German data privacy laws and US breach disclosure laws – as a model of how to improve the situation for us all,” said Adrian Beck, Veracode’s director of enterprise security program management. “For example, disclosure laws would require firms to report breaches in a timely fashion, thereby protecting consumers from identity theft and encouraging companies to implement best practices when dealing with cybersecurity.”