The 2018 IT Risks Report from Netwrix has found that while 50% of UK respondents consider external hackers to be ‘the most dangerous threat actors’ as a potential source of a data breach, the survey responses indicate that ‘insiders’ are the cause of security incidents in 73% of cases.
The report shows that the biggest risk is to regular business users (33%), mid-level managers (22%), departing/departed employees (22%), and members of an organisation’s IT team (17%).
The survey also found that:
• Not all critical security controls are reviewed regularly as required by best practices: overall, 15% of UK organisations rarely or never get rid of stale and unnecessary data, and 35% update access rights in accordance with the least privilege principle only once a year.
• 80% of UK companies surveyed have carried out an IT risk assessment at least once, but only 21% re-evaluate their IT security risks regularly.
• 20% of UK organisations surveyed do not know where sensitive data is located or how employees deal with it.
• 60% of UK respondents said they need to improve incident detection to better mitigate cyber threats.
• 35% of UK respondents have an incident response plan and provide training to employees; however, 15% have a draft plan, and 10% do not have any plan at all.
“Even though GDPR has become a catalyst for UK companies to revise their IT security strategies, the majority of them still lack the support of their leadership teams to invest in building a holistic approach to cyber security,” says Matt Middleton-Leal, EMEA General Manager at Netwrix.