Most business leaders only prioritize cybersecurity after a major breach, report finds


Companies reported that management teams only begin to appreciate cybersecurity once the business has experienced a “serious” attack.

The observations of ‘numerous’ businesses have been revealed in a guidance document, released today by the Department for Culture, Media and Sport (DCMS), which investigated experiences of cyberattacks on UK businesses.

Half of the participants involved in the interview process conducted by the DCMS said that senior leaders recognized that cybersecurity threats were real only after the company had been attacked.

Common observations among companies were that senior executives were not as committed to security as a priority and that some did not fully understand the scale of the threats or the cultural shift needed to meet the growing challenge.

Senior management and board members have become significantly more engaged in cybersecurity following their respective breaches and have since “demonstrated a more serious intent” to improve the organization’s cybersecurity posture.

The improvements were seen across all the different types of businesses that spoke to DCMS as part of its research.

The ministry said it heard from ten companies of varying sizes and degrees of IT maturity, most of which also operated in different industries. The only commonality between them was that they had all experienced serious cyber incidents in the four years prior to the research.

The managing director and IT manager of a small private organization (10-49 employees) said the breach it suffered made the organization “more vigilant” at senior management level.

This increased vigilance allowed the two managers to obtain immediate approval from the board of directors when it came to contracting a new IT supplier. It came after the previous company was accused of responding slowly to an attack that saw an email intercepted and customer funds stolen.

For a very large private organization with more than 250 employees, its cybersecurity operations center (HSoC) manager said its breach brought cybersecurity to the attention of senior leaders since the company had become “a victim of its own hit”.

It had never experienced a major incident before because its protections had always been so effective, the HSoC manager said, but the smishing attack prompted the purchase of additional services and the launch of internal awareness campaigns.

Other large organizations also reported that the business had not been interested in what IT teams were doing to stay safe from cyber threats, and that awareness was only raised after the attack.

Prior to the incident, the chief security officer (CSO) of a separate large private company also said: “I had 100% support from the board, then after the breach it was 110% support… I would say this one helped speed up the delivery of a lot of things in my program”.


Despite a tumultuous half-decade in cybersecurity, during which ransomware began to proliferate and dominate the threat landscape, the DCMS report also revealed that IT teams are still struggling to quantify the financial impact of breaches and to convince senior leaders to engage with the issues.

Companies have typically bolstered their defenses after their respective attacks in the form of new security products, policies, or staff training. However, the DCMS observed that “very few” have compiled a list of “lessons learned” that could be used to support the development of future security programs.

Most companies recognized the received industry wisdom that people are often the so-called weak link in cybersecurity, but prioritized spending on new security tools over internal awareness training.

The common rationale among companies was that these tools would help their employees do the right thing and make better decisions as a result.
