CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Trustwave Research: More U.K. Companies Identifying Security as a Major Risk, Uncertainty

No longer is cybersecurity solely an "IT issue" - and that's mainly because more than just the IT department is feeling the pain these days.

As we have seen from the well-publicized string of destructive compromises that have occurred over the past 12 months and beyond, data breaches are like a tornado: They spare no victim in their path of mayhem, from the CEO to the IT team to employees to customers. Still, not enough individuals at the top of the chain are making security a top priority. According to our 2014 State of Risk Report, 45 percent of businesses have board- or senior-level management who take only a partial role in security matters; 9 percent do not at all.

But improvement is happening. For the past two  years, I have researched how data protection is perceived in the boardroom at some of the U.K's largest companies. The research is based on references to "cybersecurity" in their annual reports - both in discussion and explicitly highlighted under the "principal risks and uncertainties" section, a telling barometer to where their priorities lie.

This year, I did it again - and found the results keep getting better.

For example, during the past couple of years, cybersecurity has increasingly become commonplace on the executive board's radar. In 2012, just 49 percent of the FTSE 100 companies referenced cybersecurity. In 2013, however, the number increased to 60 percent. And in 2014, more than three-quarters of companies (76 percent) mentioned it.

I saw significant improvement across all industries. Between 2012 and 2013, the utilities sector remained stagnant, with 60 percent referencing cybersecurity as a primary risk. In 2014, that number rose to 80 percent.

The financial and health care industries both showed an increase of 25 percent. The oil-and-gas sector, meanwhile, saw no change, but a solid majority - 85 percent - attributed cybersecurity in their annual reports.

So why are more companies paying attention to cybersecurity?


Major data breaches that made news headlines in 2013 may be a contributing factor, as well as government involvement to improve cybersecurity across all businesses, through initiatives like the Cyber Essentials Scheme. In some sectors, the increases in cybersecurity mentions could be due to the rise of internet-connected SCADA control systems and concerns over the security of critical infrastructure.

Whatever the reason, the increased awareness about cybersecurity at the board level is a step in the right direction. C-level executives must take a proactive approach to understanding the risks facing their businesses. They need to identify where their valuable information lives and moves, as well as isolate security weaknesses that could compromise that data. They should then remediate those deficiencies and deploy security controls and services that protect attack vectors. Finally, they should create and test an incident response plan so that if they are breached, they can respond and mitigate the damage as quickly as possible.

Also, a security program is only as good as the people who manage it. If businesses lack the manpower and skillsets to ensure their controls are installed, updated and working properly, they should augment their in-house staff and partner with a third-party team of experts whose sole responsibility is to protect their information.

Tom Neaves is a managing consultant at Trustwave.

Latest Trustwave Blogs

Trustwave, Telarus Announce Strategic Global Partnership

Trustwave is partnering with Telarus, a leading technology services distributor (TSD), which will allow it to leverage Trustwave’s comprehensive offensive and defensive cybersecurity portfolio and...

Read More

Unlocking the Power of Offensive Security: Trustwave's Proactive Approach to Cyber Defense

Clients often conflate Offensive Security with penetration testing, yet they serve distinct purposes within cybersecurity. Offensive Security is a broad term encompassing strategies to protect...

Read More

Behind the Scenes of the Change Healthcare Ransomware Attack Cyber Gang Dispute

Editor’s Note – The situation with the Change Healthcare cyberattack is changing frequently. The information in this blog is current as of April 16. We will update the blog as needed. April 16, 2024:...

Read More