Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber-criminals. The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG.

The report, "Taking the Offensive – Working together to disrupt digital crime," finds that, while 94 percent of IT decision makers are aware that criminal entrepreneurs are blackmailing and bribing employees to gain access to organisations, roughly half (47 percent) admit that they don't have a strategy in place to prevent it.

The report also finds that 97 percent of respondents experienced a cyberattack, with half of them reporting an increase in the last two years. At the same time, 91 percent of respondents believe they face obstacles in defending against digital attack, with many citing regulatory obstacles, and 44 percent being concerned about the dependence on third parties for aspects of their response.

"The industry is now in an arms race with professional criminal gangs and state entities with sophisticated trade craft. The twenty-first century cyber criminal is a ruthless and efficient entrepreneur, supported by a highly developed and rapidly evolving black market," said Mark Hughes, CEO security at BT.

"With cyber-crime continuing to escalate, a new approach to digital risk is needed – and that means putting yourself in the shoes of attackers," Hughes said. "Businesses need to not only defend against cyber-attacks, but also disrupt the criminal organisations that launch those attacks. They should certainly work closer with law enforcement as well as partners in the cyber security marketplace."

Paul Taylor, UK head of cyber security at KPMG, said, "It's time to think differently about cyber risk – ditching the talk of hackers – and recognizing that our businesses are being targeted by ruthless criminal entrepreneurs with business plans and extensive resources – intent on fraud, extortion or theft of hard-won intellectual property."

"Talking generically about cyber risk doesn't deliver insight," Taylor said. "You need to think about credible attack scenarios against your business and consider how cyber security, fraud control, and business resilience work together to prepare for, and deal with those threats. If that's done, then cyber security can become a mainstream corporate strategy as a vital component of doing business in the digital world."

The BT-KPMG report shows that chief digital risk officers (CDROs) are now being appointed to combine digital expertise with high-level management skills. With 26 percent of respondents confirming that a CDRO has already been appointed, the report's data suggests that the security role and accountability for it are being re-examined.

The research also identified the need for budgets to be adjusted. Sixty percent of decision makers say that their organisation's cyber security is currently financed by the central IT budget, while half of those (50 percent) think it should come from a separate security budget. One major challenge identified by the report is the funding and scale of R&D spending.

The "Taking the Offensive – Working together to disrupt digital crime" report quotes a number of security directors of well-known global organisations, and lists examples of the many forms of criminal attacks encountered by global organisations. These include various types of malware or phishing attacks.

It also describes the business models favored by the criminals and the black market behind them, whether they carry out high-end targeted assaults on the finance system or regular attacks on businesses and high net worth individuals, or even the attacks affecting all of us.
