UK businesses still failing to take cyber security seriously – PwC report

Published at 05:01 AM on 08 October 2015

  • UK companies not yet on top of cyber security incidents or their causes
  • A third of reported UK incidents are due to mobile devices being exploited
  • Insiders – current or former employers – top the list as a major source of incidents
  • Incidents now cost an average of £1.7million
  • Cloud computing and the Internet of Things are having a major impact on technology innovation but also the number of attacks
  • There was a 38% increase in detected information security incidents and a 24% boost in security budgets in 2015

Nearly 10% of UK companies don’t know how many cyber security attacks they have had this year and 14% don’t know how they happened,according to ‘Turnaround and Transformation’, the latestGlobal State of Information Security® Survey 2016, released today by PwC in conjunction with CIO magazine and CSO.

PwC interviewed 10,040 executives from more than 127 countries, including 637 in the UK, across all industries, in the annual report that looks at the challenges companies face protecting their businesses from ever-increasing cyber security incidents.

Cyber attacks continue to escalate in frequency, severity and impact. However, prevention, detection methods and innovation are on the rise globally as forward-thinking business leaders focus on solutions that cut risks and improve business performance. The report examines how executives are looking towards new innovations and frameworks to improve security and mitigate enterprise risk.

As cyber risks become increasingly prominent in the boardroom, business leaders are rethinking cyber security practices, focusing on innovative technologies that can reduce enterprise risks and improve performance. The vast majority of organisations – 91% – have adopted a security framework, or more often, an amalgam of frameworks. These technologies are yielding considerable opportunities to improve cyber security and produce holistic, integrated safeguards against cyber attacks.

Richard Horne, PwC cyber security partner, said:

“Many business leaders see cyber security as the risk that will define their generation. The most innovative companies are rising to the challenges they face, looking at new technology and seeing how they can best protect their assets and reputation to gain competitive advantage.”

Adapting traditional cyber security measures to an increasingly cloud-based world is an example of this effort, with considerable investments being made to develop new network infrastructure capabilities that enable improved intelligence gathering, threat modelling, defence against attacks and incident response. According to the report, 69% of respondents use cloud-based security services to protect sensitive data and ensure privacy and the protection of consumer information.

Big Data and the Internet of Things present a host of cyber challenges and opportunities. In the case of Big Data, often considered a cyber liability, 59% of respondents are using data-powered analytics to enhance security by shifting security away from perimeter-based defences and helping organisations to put real-time information to use in ways that create real value.

As the number of internet-connected devices continues to surge, the Internet of Things will inevitably increase the stakes for securing cloud-based networks. Investment intended to address these issues doubled in 2015, but only 36% of UK survey respondents have a strategy specifically addressing the Internet of Things.

Among other findings from the report, it shows that the number of organisations that embrace external collaboration has steadily increased. 65% of respondents are collaborating with others to improve security. The report also found that 59% of organisations have purchased cyber security insurance, compared with 51% last year. 43% of UK survey respondents report making a claim on their insurance.

Richard Horne, PwC cyber security partner, said:

“In our digitally-interconnected world, businesses cannot stand still. They need to prepare and continually test their defences – and respond to breaches – in the face of incredibly sophisticated attacks. This requires commitment and leadership from the very top of an organisation to prevent breaches, but also to detect and respond to them rapidly and in the right way when they happen.”

To explore the survey findings by industry and region, visit:


Notes to Editors

Please reference the study as “The Global State of Information Security® Survey 2016, a worldwide survey by CIO magazine, CSO and PwC.” Source line must include CIO magazine, CSO  and PwC. Survey results will be covered in depth in the October issues of CIO magazine and CSO. The coverage will be available online at and Information about the survey will also be available at


The Global State of Information Security® Survey 2016 is a worldwide study by PwC, CIO magazine, and CSO. It was conducted online from May 7, 2015, to June 12, 2015. Readers of CIO magazine and CSO and clients of PwC from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 10,000 executives including CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from more than 127 countries. Thirty-seven percent (37%) of respondents were from North America, 30% from Europe, 16% from Asia Pacific, 14% from South America, and 3% from the Middle East and Africa. The margin of error is less than 1%.

About CIO magazine

CIO is the content and community resource for information technology executives and leaders thriving and prospering in this fast-paced era of IT transformation in the enterprise.  The award-winning CIO portfolio—, CIO magazine (launched in 1987), CIO executive programs, CIO custom solutions, CIO Forum on LinkedIn, CIO Executive Council and CIO primary research—provides business technology leaders with analysis and insight on information technology trends and a keen understanding of IT’s role in achieving business goals. Additionally, CIO provides opportunities for IT solution providers to reach this executive IT audience.  The CIO Executive Council is a professional organization of CIOs created to serve as an unbiased and trusted peer advisory group. CIO is published by IDG Enterprise, a subsidiary of International Data Group (IDG), the world’s leading media, events, and research company. Company information is available at

About CSO

CSO is the content and community resource for security decision-makers leading “business risk management” efforts within their organization.  For more than a decade, CSO’s award-winning web site (, executive conferences, strategic marketing services and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organizations’ employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Enterprise, a subsidiary of International Data Group (IDG), the world’s leading media, events and research company. Company information is available at

2015 PricewaterhouseCoopers. All rights reserved


About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 208,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see for further details. © 2016 PwC. All rights reserved

« Safe Harbour framework does not protect EU personal data stored in the United States and is invalid | Homepage | PwC's growing Forensics disputes team recruits leading expert witness »

  • Contact us
  • +44 (0) 20 7213 1768

Specific and out of hours contacts