Veracode-CEBR Survey of UK Cybersecurity

Normally I dislike reports where users are required to register their personal details before download, because giving your data away is the first step towards the abuse of that data. However, it is worth providing your details to read the punchy survey of British cybersecurity that was commissioned by Veracode and compiled by the Centre for Economics and Business Research. Whilst not specific to the communications sector, it is jammed full of intriguing facts and statistics. If you want a short overview of the topic, the report draws on many relevant sources but summarizes the findings very succinctly. It also reveals a very interesting contrast between attitudes in the communications sector and those in other industries. Here are just four takeaways from the survey.

1. Telcos are leaders at spending on cybersecurity, but suffer smaller losses.

Telcos spend 13 percent of their IT budget on cybersecurity. Only the service sector averages a higher proportionate spend, at 14 percent. However, when breaches do occur, technology and telecoms firms respond with only a 1 percent increase to their security budgets. And the loss of revenue suffered as a consequence of breaches is lower than any other sector, at just 0.3 percent.

2. Business leaders think government should do more.

Government lags telecoms by spending just 11 percent of its IT budget on cybersecurity. However, 77 percent of the cost of cybercrime stems from government security breaches. 60 percent of British CTOs believe the UK government does a poor job of educating and protecting firms from cyberattacks.

3. The cost of cybercrime is heavy, but equally split between losses and future prevention.

15 percent of surveyed businesses said they had lost revenue as a result of a cybersecurity breach. The total cost to British industry was estimated to be GBP34bn (USD53bn). Almost half of this was due to increased spending on IT as a result of crime, whilst the rest was the amount lost in revenue.

4. Breaches affect share prices, but there is increasing pressure for transparency.

Following a breach, publicly traded firms might see their share prices fall by 2 percent, or by almost 50 percent. However, it may not be an option to keep damaging cyberattacks secret from shareholders. The survey lists a series of public bodies and lobbying groups who are pushing for tougher conventions, and laws if necessary, to force the disclosure of cybersecurity breaches.

You can register and download the report from here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.