85 Per Cent of British Businesses Braced For Escalation in Cyber Attacks

Six months on from the launch of the UK Government’s Cyber Security Strategy, 85% of businesses say they expect  the number of cyber attacks to increase over the next few years, according to “Business and The Cyber Threat: Curiously Confident?” Detica’s 2012 Cyber Security Monitor. When asked about the likely trend in the number of attacks, only 6% believe the number of cyber attacks will remain constant and only 4% expect it to decrease.

And those companies that have estimated the likely financial impact of a targeted cyber attack consider it to be substantial. A third (34%) estimate it to be over £50m, with none estimating it will cost less than £1m.  When asked what would make their board take the business risk of cyber attacks more seriously 61% stated an attack on their company or a competitor.

There is some evidence of growing uncertainty, with those that say they are ‘very confident’ dropping markedly from 34% to 22%, or to around one in four respondents.

However, there appears little willingness to admit real vulnerability, with 89% of respondents describing themselves as fairly (67%) or very (22%) confident that they are well-equipped to prevent targeted attacks, compared to 94% in Detica’s inaugural Cyber Security Monitor in 2010. Curious, given recent high-profile attacks.

Despite this overall level of confidence, appetite for engagement with the government is strong, suggesting that companies believe there is still much to be understood. A quarter (26%) of businesses say they are already engaged with government, with a further half (49%) saying they would be interested in engaging but have not done so yet. Only 9% say they do not want to engage. 

For those not currently engaged with the Government around cyber security, further information (10%) and assurances of the benefits (11%) are cited as the main factors that would encourage greater collaboration.

Henry Harrison, Technical Director at BAE Systems Detica said:
“2011 has clearly led businesses to re-evaluate the level of cyber threat and impact, but it seems they are slower to recognise their true level of vulnerability.

“However, raised awareness about cyber risk has increased the private sector’s desire for collaboration with the Government to formulate new responses to this rapidly growing challenge.  Given the remaining scepticism about the level of vulnerability to the threats businesses face, there is a clear incentive for Government to step-up its cyber security efforts in this area.

“What is encouraging is that businesses have signalled that the door is open for the Government to progress the discussion.”

Last year was certainly seen as a landmark year for cyber attacks. When asked their thoughts on what happened in 2011, 88% of businesses say that “2011 was just the beginning and the situation is likely to continue on a similar or increased scale in future”.  One legacy of last year’s spate of attacks is that businesses are now most wary of organised criminal groups and professional fraudsters. 73% felt that these criminals are the most likely groups to mount a targeted cyber attack, an increase of 15 percentage points from the research in 2010. 

Businesses are less concerned about attacks from their own employees - down to 42%, compared with 56% last time. Interestingly, 28% felt that state-sponsored spies were likely to mount a targeted attack and of those concerned about industrial espionage (43%), more than half (56%) are worried about state sponsored spies.

Henry Harrison, Technical Director at BAE Systems Detica added:

“We’d urge businesses to remain cautious and to evaluate their defences, rather than waiting until they are attacked before acting.

“We’ve seen a growing number of businesses lock the door after the horse has bolted. We want to ensure that 2011 isn’t the beginning of a decade of our cyber adversaries staying ahead of us. Let’s hope businesses’ confidence in their defences is merited.”

Media Contacts:
Natasha Davies, Head of PR and Media, BAE Systems Detica   
Telephone +44 (0) 20 7812 4274
Mobile: +44 (0) 7787 297 831

About BAE Systems Detica
BAE Systems Detica delivers information intelligence solutions to government and commercial customers. We help them collect, exploit and manage data so they can deliver critical business services more effectively and economically. We also develop solutions to strengthen national security and resilience.

We integrate and deliver world-class solutions to our customers’ most complex operational problems – often applying our own unique intellectual property. Our services include cyber security, managing risk and compliance, data analytics, systems integration and managed services, strategy and business change and the development of innovative software and hardware technologies.

Detica is part of BAE Systems, a global defence and security company with just under 100,000 employees worldwide. BAE Systems delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services.

100 online interviews were conducted with strategic and IT decision makers in UK companies.

Participants are drawn from companies with turnovers in excess of £350 million
Interviews were conducted online using a business panel between 27th February and 9th March 2012.

Where possible, results have been compared to those from the 2010 Cyber Security Survey.  This survey consisted of 50 telephone interviews with a similar sample of respondents.  Due to the difference in methodology and sample size comparisons should be treated as indicative only.

All figures reported are percentages unless stated otherwise. Where percentages do not sum to 100% this may be due to rounding or inclusion of multiple responses.

Issued by:
BAE Systems, Farnborough, Hampshire GU14 6YU, UK
Tel: +44 (0) 1252 384719 Fax: +44 (0) 1252 383947
24hr media hotline: + 44 (0) 7801 717739

Ref 064/2012