UK manufacturing industries fall behind expectations

Survey respondents included 1600 IT information security decision makers in  organisations of more than 500 employees, and spanning five industry sectors in the US, the UK and the German-speaking region of Europe (DACH).

The majority of organisations are aware that some of their security measures are immature or ineffective, but only 33% have high confidence that their organisations will improve their less mature security controls. Also evident in the results is that more than 43% perceive problem prevention, identification, diagnosis and remediation to be more challenging than two years ago, citing the increasing operational complexity and threat landscape as affecting security capacity.

One in six organisations have had five or more significant incidents, and 39% have had two or more incidents. And while confidence in IT security management appears optimistic, overall findings showed a contradiction in efficacy and likely investment, compared to where incidents have been most impactful.

Top security incidents comprise phishing, compliance policy violations, unsanctioned device and application use, and unauthorised data access. The most frequent cited security issues are from malware and advanced threats, application and wireless security, network resource access, unsanctioned application and personal mobile device use, and data leakage.

Control practices

The control practices indicated as relatively immature are personal mobile device usage, perimeter threats, inventory management and endpoint compliance, virtualisation security, rogue device and application security. The top five security technologies perceived to have the greatest interoperability value are firewalls, anti-malware, network access control (NAC), mobile device management (MDM), and advanced threat detection (ATD).

In the UK, the Manufacturing sector suffered from more security incidents – whereas the Health sector was below the worldwide aggregate level. In line with the generic trend, Healthcare in the UK is less mature than Manufacturing. Both verticals in the UK are less mature compared to the worldwide average.

The manufacturing, education and finance sectors in general appear more prone to phishing attacks, while the healthcare sector is more likely to experience higher than average compliance policy violations. An exception is the manufacturing vertical in the UK, where unsanctioned application and device use, compliancy policy violations and zero-day malware show more incidents. Healthcare is more concerned about data leakage monitoring issues than manufacturing, education, retail and finance.

Aggregated across all three geographical regions, those most confident that security event logging and monitoring tools would be improved came from the financial services industry (45%), with education the least certain. Those in the education and manufacturing sectors were least sure that security measures relating to personal mobile device usage would be improved.