UK CEOs’ Cyber Ignorance Costing Firms Dear

Infosecurity Magazine | July 17, 2019

Cybersecurity: Is your boss leaving your organisation vulnerable to hackers?

ZDNet | July 15, 2019

CEOs’ Lack of Cyber Awareness Is Exposing UK Business To Major Risk

London, UK – Tuesday 16th July 2019 – The lack of CEO-specific security plans, failure to comply with plans in place and the growing number of unsecure smart devices in the home and places of travel (such as hotels) means that CEOs and other senior executives are regularly at risk of being targeted by cybercriminal networks, a new piece of research has revealed today.

The latest survey*, conducted by RedSeal amongst senior IT teams up to CIO level within UK businesses, unearthed a number of gaps in cybersecurity protocols and awareness amongst a CEO audience. Although the research demonstrated that many senior IT professionals have aimed to put CEO-specific cybersecurity plans in place, over half (54%) don’t believe that their CEO follows procedure and are exposing their organisation to potential compromise. Over a third (38%) also weren’t fully aware of the technology their CEO used in their own homes.

  • New research reveals that CEOs are disengaged from cybersecurity challenges and are unaware of many of the attacks on their business
  • Many CEOs still aren’t adhering to ‘out of office’ security measures put in place by their security teams
  • Smart technology is putting sensitive company information at risk, as CEOs become a major target for hackers and cybercriminals

The proliferation of smart devices is a danger to UK business

With the ever-changing digital working habits and behaviours of CEOs made possible by innovative mobile and smart technology the research found that cybersecurity measures aren’t being followed outside the traditional workplace — an enormous potential security oversight given 1 in 5 smart devices in the home** have been breached or compromised.

“Smart devices are important because they are new, unproven, and not built with security as a primary goal” said Dr. Mike Lloyd, CTO of RedSeal. “Smart devices compete on convenience and price. Security is usually an after-thought, if it’s addressed at all. Some popular smart devices, like smart speakers, compromise privacy even when working as intended — which is scary when you think about the opportunity this presents to people who want to spy on CEOs for commercial or national advantage. CEOs have wide access to their organisation’s network resources, the authority to look into most areas, and frequently see themselves as exempt from the inconvenient rules applied to others. This makes them ideal targets.”

UK business is also under attack but are we trying to hide it?

There is industry-wide confusion as to how many attacks there have been on UK business in the last 12 months. The UK Government’s recent Cyber Breaches report cited that only 38% of UK businesses have recorded an attack, whereas this most recent research from RedSeal is showing that, in fact, 81% of senior IT professionals admit to their company having suffered a breach.

75% of those IT pros surveyed also stated that their CEO must pay more attention to cybersecurity, with almost the same amount (74%) saying that their customers’ information has been put at risk because of a cyberattack or breach on their organisation.

The research also revealed that 42% of UK companies don’t have a cyber-response plan in place to inform customers of a security breach and that over a quarter (26%) will only report the major breaches to their CEO.

Lloyd concluded, “Despite its many benefits, the Internet is a dangerous place where new security threats can evolve and rapidly mutate. Perfect defence is illusory; in a complex and interdependent world, some attacks are bound to succeed.  Organisations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”


*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place on 19th-27th June, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

**A second online survey was conducted by Atomik Research among 2,004 UK consumers aged 18+. The research fieldwork took place on 19th-25th June, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

Business Feel Let Down By UK Government on Cybersecurity

UK Businesses Are Asking the Government to Provide More Support Around Cybersecurity Issues in 2019

LONDON, UK – Monday 10th December, 2018 – Has a sensitive political and business environment in 2018 deflected attention away from security and left UK businesses less prepared for cyberattack? New research* has revealed that UK businesses are looking for greater support from the Government in the ever-growing battle against cybercrime.

According to the latest insights from RedSeal, nearly seven in ten (68%) IT bosses say their business has suffered at least one cyberattack in the past year. Almost a third (31%) also said the government does not offer businesses enough guidance or support on cybersecurity. The data also revealed that one in five (19%) of the UK businesses surveyed had no plan in place to deal with a cyberattack and that 65% of IT teams believe that their senior management needs to pay more attention to cybersecurity in 2019.

This latest research comes just two months after the National Cyber Security Centre’s second annual review where the Chancellor of the Duchy of Lancaster, David Lidington, gave a speech at the National Cyber Security Centre on why cyber security matters. He highlighted that the Government’s latest annual Cyber Security Breaches Survey had also revealed that more needed to be done. It flagged that only 30% of UK businesses have a board member with responsibility for cybersecurity and a small 10% require their suppliers to adhere to any cyber standards. Lidington also said that the Government’s next announcement on their cybersecurity strategy for UK business is planned for some time this month.

Ray Rothrock, CEO of RedSeal and author of the book Digital Resilience commented, “We commissioned this research to explore how prepared businesses are to continue operating during an attack. The number of high profile breaches has meant that 2018 has become the year where businesses are left wondering what more they can do to protect themselves, how to remain resilient, to keep operating and minimise customer damage. Our research highlights the fact that that senior IT bosses want the UK government direct more attention, money and resource to supporting their businesses in the face of cyberattacks.”

RedSeal’s research today, along with high-profile breaches such as the Marriott and British Airways in recent weeks and months, has only highlighted the ever-growing need for more to be done in the fight against cybercrime. Two-thirds (67%) of those that had been attacked in the last year stated that this had resulted in a financial loss, 37% in a loss of customers and nearly half (43%) suffered damage to their reputation.

* An online survey was conducted by Atomik Research among 501 UK IT professionals, Director Level and above. The research fieldwork took place between the 13th and 19th November 2018 Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code.