European businesses are taking data security more seriously but are still struggling to ascertain if their data has been compromised in the wake of a targeted cyberattack. The latest annual security survey from Quocirca and Trend Micro, which looked at businesses in the UK, Spain, Italy, Germany, France and Nordic regions found that out of 251 companies that had been successfully targeted, 31 admitted that they were not aware if any data had been stolen and six businesses knew of an attack, but did not know how much data had been lost.
This lack of knowledge around their own data comes in spite of the fact that targeted attacks are being taken more seriously by European businesses. In 2013 26% of respondents were complacent about these breaches. However, in 2015 this figure has plummeted to just 6%. Almost a quarter of respondents now agree targeted attacks are inevitable, while 26% feel they are a growing concern and 44% feel they are a long term concern.
While this is obviously marks a huge change in attitude to online threats the number of businesses unable to see what data was lost means many are not translating this knowledge into actions. Of the businesses surveyed most accept they have been targeted more than once, while 70% of 369 companies admitting the number of attacks are increasing. Less than 5% of respondents said the numbers were decreasing.
Although overall figures for the UK were lower than the rest of Europe, six British organisations still made it onto the list of the worst 40 reported attacks – including the two of the most serious incidents, both involving costs of more than €1 million, devastating data loss and serious reputational damage. All six organisations had specialist IT security teams, operations centres and/or managed security service providers in place.
“Despite the bleak picture being painted, our research has discovered that various before, during and after measures are proven to be effective against, or respond to, targeted attacks,” said Bob Tarzey, Analyst and Director. “Just having a security function is not enough, effective measures need putting in place, including cyber fire drills, which can be deployed to support reducing reputational damage and overall cost attacks to businesses”.
“Being alive to the potential cost is making European organisations look to prepare for the worst via breach response plans,” commented Rik Ferguson, VP Security Research, Trend Micro. “Deploying these plans helps to reduce the cost and impact of targeted attacks. These plans need to be designed to go way beyond just repairing damage to IT infrastructure. They need to be very thorough and include elements such as proactive communications with data subjects, regulators and the media. Breach response is no longer the preserve of the IT department, but also the board and public relations, among others”.