Cyber-complacency rife among UK finance and accountancy professionals
UK finance and accounting professionals have unrealistically high levels of confidence in their defences against security breaches – increasing the likelihood of such breaches happening.
According to a benchmark study carried out by identity and access management software vendor Ilex International, more than 27% of IT decision makers surveyed in the finance and accounting sector say they are very confident, and 58% fairly confident, that their businesses are protected against data security breaches.
Ilex has created what it calls its Breach Confidence Index to monitor the level of confidence among UK businesses and says the first results raise major concerns for British businesses. The survey found that almost half of those surveyed (49%) said their business has not experienced a security breach.
“With the UK being a leading economic centre and a major target for cyberattacks, the high confidence level is worrying and completely misplaced”, said Thierry Bettini, director of international strategy at Ilex International. “The Breach Confidence Index shows that businesses have a false sense of security which could result in an increase in security breaches.”
IT decision makers surveyed listed the most common weaknesses resulting in a security breach as:
- Malware vulnerabilities (22%)
- Email security (21%)
- Employee education (15%)
- Cloud applications (12%)
- Insider threats (12%)
- Access control (8%)
- BYOD or mobile access (8%)
- Non-compliance to current regulations (6%)
Weaknesses relating to identity and access management considerably increase as organisations expand their workforce. Some of the most common issues highlighted by large businesses include insider threats (44%), employee education (42%), access control (26%) and BYOD or mobile access (24%).
“It’s important that businesses come to terms with the reality of data security breaches. If they don’t think they have been targeted yet, they will be and need to be prepared,” said Bettini. “As technology evolves and brings new security risks, businesses should be doing all they can to educate employees on security best practices and tighten access to sensitive data.”