60 per cent of IT professionals believe that not enough time or money is being spent by companies to develop cyber security policies, a new study by Kaspersky Lab has suggested.
As a result, less than half of those surveyed feel that they have sufficiently organised and systematic processes to deal with cyber threats, according to the Global Corporate IT Security Risks survey (opens in new tab).
The situation is especially poor in the educational industry, where only 28 per cent of organisations are confident that they have sufficient investment in cyber security.
Perhaps even more critically, two thirds of government and defense organisations surveyed across the world believe they are in constant danger of losing confidential information. Just 34 per cent of the claim that they have enough time and resources to develop IT security policies.
The survey shows that almost half of the organisations questioned have no policy for implementing security for mobile devices. Even where mobile security policies have been implemented, resources are still considered inadequate: around half complain that budget increases are insufficient, while 16 per cent complained there is no extra funding made available.
91 per cent of businesses surveyed have had at least one external cyber security security incident in the past year, whilst 85 per cent reported internal incidents.
According to the Security Risks survey, a serious incident costs large companies an average of £418,000; for small and medium-sized companies the bill typically comes to about £32,000. A successful targeted attack can cost a company more than £1.5 million in direct financial losses and additional costs it was found.
"Lots of organisations don't realise these risks. A quarter of companies still regard security issues as things that happen to others – although more and more are starting to realise they are a real life problem for any business," said David Emm, senior security researcher at Kaspersky Lab.
"Another problem is that 28 per cent of companies mistakenly think that the costs of guarding against cybercrime are greater than the potential losses."
Image credit: Flickr (UK Ministry of Defence (opens in new tab))