Posts Tagged: Research

Neighbourhood Watch data: Antisocial behaviour is the UK’s most feared and common crime

Stuart O'Brien

Over a quarter of Brits don’t feel safe at home, with antisocial behaviour (67%), burglary (52%) and cybercrime (44%) being the top three most feared crimes across the UK.

Although The Office for National Statistics (ONS) reported that crime rates dropped by 10% in 2023, the National Crime & Community Survey conducted by Neighbourhood Watch and SimpliSafe Home Security found that a staggering 37% of Brits experienced a crime in the last year, with 63% of those having experienced antisocial behaviour, followed by physical assault (25%).

Shockingly, 58% of people who witnessed a crime over the past 12 months did not report it, with the main reason being they didn’t believe anything would be done – this behaviour was the most common among Brummies (10%).

When looking at the data regionally, Londoners experienced the highest level of crime over the past 12 months (46%), with Geordies not too far behind (44%). The South West experienced the least crime (71%), which ties with people in that region feeling the safest (81%). Those in the West Midlands, however, feel the most unsafe (37%).

Neighbourhood Watch has supported the Home Office’s work this year in trialling new policing approaches to tackling antisocial behaviour across England. The findings of this survey highlight the need for further research into why antisocial behaviour remains a prevalent crime in the country. There is also a continued need for action to be taken to prevent incidents of antisocial behaviour in communities.

John Hayward-Cripps, CEO of Neighbourhood Watch Network: “It is clear from the findings of our survey that we must continue to prioritise sharing resources and raising awareness of antisocial behaviour, burglary and cybercrime. A staggering 46% of people didn’t report a crime over the past 12 months according to the National Crime & Community Survey and 5% of those said it was because they were too scared to do so, so it’s important to help empower people to take action to protect themselves and prevent these crimes from impacting them and their communities. Working collaboratively with other organisations will be essential to help reduce crimes such as ASB in communities, and increase feelings of safety and community wellbeing.” 

The charity continues to work hard to support its members with understanding how to respond to antisocial behaviour and harassment, either as a bystander or as a victim, and highlights the importance of being an active bystander. Through the Suzy Lamplugh ‘5Ds’ training, which Neighbourhood Watch encourages volunteers to take, members receive guidance on how to safely and effectively intervene, document or support the victims of these crimes.

Statistics from this survey show that more than half (56%) of respondents have changed their behaviour after seeing crime prevention campaigns from Neighbourhood Watch, suggesting their guidance has had a positive impact, with people feeling equipped to take action or change their behaviours in the face of crime.


Mobile IDs, MFA and sustainability emerge as top security trends, says new report

Stuart O'Brien

HID’s 2024 State of the Security Industry Report has outlined the underlying concerns driving upcoming innovations and the technologies that underpin them, including Mobile IDs, MFA and sustainability.

The report gathered responses from 2,600 partners, end users, and security and IT personnel worldwide, across a range of job titles and organisation sizes representing over 11 industries and found:

1. Mobile identity is expected to be ubiquitous in the next five years

Given the widespread use of mobile devices, momentum continues to build around their use in support of identity. Within the next five years, surveyed end users state that nearly 80% of organizations will deploy mobile IDs. Industry partners are even more optimistic in their outlook, stating that 94% of their customers will have deployed mobile IDs. 

2. Multi-Factor Authentication is widespread, despite slow but growing implementation of Zero Trust

More than 83% of end-user respondents said their organization currently uses Multi-Factor Authentication (MFA), mainly due to the vulnerabilities of passwords. For many, this represents the first step on the longer journey toward Zero Trust, an approach to security that calls for organizations to maintain strict access controls and to "never trust, always verify" anyone – internal or external – by default. Zero Trust has been implemented in 16% of organizations with over 100,000 employees and 14% in those with up to 10,000 employees, according to the survey.

With MFA being widespread, the eventual end of passwords is imminent. The creation of new standards such as FIDO (Fast Identity Online), which uses “standard public key cryptography techniques to provide phishing-resistant authentication,” will pave the path to new and more secure authentication options that will be part of a more robust Zero Trust architecture.

3. Sustainability becomes a growing driver in business decisions

Among HID’s survey respondents, sustainability continues to rank high as a business priority, with both end users and partners rating its importance at a “4” on a 1-to-5 scale. Additionally, 74% of end users indicate the importance of sustainability has grown over the past year, and 80% of partners reported the trend growing in importance among their customers.

As such, there will likely be a continued emphasis on solutions that minimize energy use, reduce waste, and optimize resource usage. A shift to cloud-based solutions and increased use of mobile devices are two clear strategies to reach these sustainability goals.

4. Biometrics continues its impressive momentum

In this year’s survey, 39% of installers and integrators said their customers are using fingerprint or palm print, and 30% said they’re using facial recognition. The momentum continues to build as 8% plan to test or implement some form of biometrics in the next year and 12% plan to do so in the next three to five years.

5. Identity management points up to the cloud

Nearly half of end users are moving to cloud-based identity management, with 24% already using it and another 24% in the process of implementing such systems. Industry partners say their customers face several hurdles here, including existing reliance on legacy/on-prem equipment (28%), lack of budget (24%), and cloud-based identities simply not being a business priority (21%).

6. The rise of artificial intelligence for analytics use cases

Conversations about AI have come to dominate the business landscape, and many security professionals see AI’s analytic capabilities as the low-hanging fruit to enhance identity management. Rather than looking to AI to inform the entirety of the security system, it’s possible to leverage data analytics as a way to operationalize AI in support of immediate outcomes. In this scenario, 35% of end users reported they will be testing or implementing some AI capability in the next three to five years, with 15% already using AI-enabled biometrics.

The full report includes additional global data and further analysis. Read it in its entirety here.


University of Manchester resilience researchers awarded £4.2 million ‘to help build a secure world’

Stuart O'Brien

The University of Manchester’s researchers are on a mission to tackle some of the UK’s most challenging resilience and security problems. 

Backed by a £4.2 million funding award from UK Research and Innovation’s building a secure and resilient world strategic theme, the University team will drive a Research and Coordination Hub in confronting pressing risks and threats both online and in the world around us.  

Led by Dr Richard Kirkham, Deputy Director of the Thomas Ashton Institute for Risk and Regulatory Research at The University of Manchester, the project, known as SALIENT (Secure And ResiLIENT), will bring Manchester academics together with partners from the universities of Bath, Exeter and Sussex to catalyse, convene and conduct research and innovation in support of the UK’s national security and resilience.

SALIENT will drive interdisciplinary research to tackle some of the UK’s most challenging security problems. Their focus will be on robust and secure supply chains, global order in a time of change, technologies used for security and defence, behavioural and cultural resilience, and strengthening resilience in our natural and built environments.  

Dr Kirkham said: “With SALIENT we’re aiming to enhance security across our virtual and physical environments, and strengthen the country’s societal and economic resilience, by improving awareness around the key risks and threats we might be facing, and informing UK decision-making and preparedness. Ultimately, we’re working towards change being understood as a force for good. 

“SALIENT will adopt a human-centred systems approach through a portfolio of devolved funded activity. To achieve this, we particularly encourage research proposals that promote the arts and humanities in the national conversation on resilience.”   

This ambitious five-year investment, following a highly competitive selection process, will enable the SALIENT team to build strong connections across a broad group of stakeholders in central and local government, the devolved administrations and crucially, the public. 

Dr Kirkham added: “Our approach will promote a culture of genuine interdisciplinarity, co-production and citizen engagement, ensuring that the research we do is relevant, timely and represents value for money.” 


‘Political Polarisation’ now the leading emerging risk for enterprises globally

Stuart O'Brien

Escalating political polarisation worldwide entered the quarterly Gartner emerging risk tracker for the first time in the fourth quarter of 2023, based on a survey of senior enterprise risk executives.

“Risk executives worldwide are clearly concerned by the potential implications of escalating tensions and conflict all over the globe,” said Ran Xu, director, research in the Gartner Risk & Audit Practice. “From Ukraine, the Middle East, the East China Sea, South America, Africa, Western Europe or the U.S., there is evidence of geopolitical instability rooted in increasing political polarization around a number of issues.”

In November 2023, Gartner surveyed 347 senior enterprise risk executives to provide leaders with a benchmarked view of 20 emerging risks. The Quarterly Emerging Risk Reports include detailed information on the possible impact, time frame, level of attention, and perceived opportunities for these risks.

Mass generative AI availability was the top cited emerging risk in the 4Q23 survey (see Table 1) and has been in the top five in the previous two quarters as well. Escalating political polarization entered the tracker for the first time in second spot, with cloud concentration risk (a top five risk last quarter) coming in third place.

| Risk Rank (by Frequency) | Risk Name | Frequency |
| --- | --- | --- |
| 1 | Mass Generative AI Availability | 76% |
| 2 | Escalating Political Polarization | 69% |
| 3 | Cloud Concentration Risk | 64% |
| 4 | Market Effects from Higher Borrowing Costs | 53% |
| 5 | Overzealous Cost Cutting | 52% |

Gartner experts have identified three principal factors that are driving increased political polarisation:

1. Reinforcing Social Media Algorithms
Algorithms that are designed to ensure engagement and retention on social media platforms by delivering tailored content to individual users also lead to information silos that feed confirmation bias and can reinforce divisive political outlooks.

2. Pervasive Economic Pessimism
Although the global economy is still growing, commodity and housing prices remain high amid a recent episode of increased inflation and higher interest rates, squeezing the finances of individuals worldwide. These kinds of heightened economic concerns often push extreme ideological realignments.

3. Politicization of Civic Institutions
As formerly neutral civic institutions (e.g., the education system) face increasing political scrutiny, public trust in them wavers, and individuals often seek out non-mainstream information sources that align with preexisting beliefs, further reinforcing the impact of social media algorithms.

“The potential consequences of escalating political polarization for any specific organization will be contingent on many factors, such as its line of business or geographical location,” said Xu. “Many organizations, however, will already have been embroiled willingly, or unwillingly, in political debates that could potentially result in reputational damage. Organizations may also be impacted from volatile and unpredictable elections that may cause strategic delays and undermine investor and customer confidence.”


UK researchers detail new technique for countering mobile ‘account takeover’ attacks

Stuart O'Brien

Computer science researchers at the University of Birmingham have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where a hacker gains unauthorised access to online accounts.

Most mobiles are now home to a complex ecosystem of interconnected operating software and apps, and as the connections between online services have increased, so have the possibilities for hackers to exploit the security weaknesses, often with disastrous consequences for their owners.

Dr Luca Arnaboldi, from the University of Birmingham’s School of Computer Science, explains: “The ruse of looking over someone’s shoulder to find out their PIN is well known.  However, the end game for the attacker is to gain access to the Apps, which store a wealth of personal information and can provide access to accounts such as Amazon, Google, X, Apple Pay, and even bank accounts.”

To understand and prevent these attacks, researchers had to get into the mind of the hacker, who can build a complex attack by combining smaller tactical steps.

Dr Luca Arnaboldi worked with Professor David Aspinall from the University of Edinburgh, Dr Christina Kolb from the University of Twente, and Dr Sasa Radomirovic from the University of Surrey to define a way of cataloguing security vulnerabilities and modelling account takeover attacks, by reducing them to their constituent building blocks.

Until now, security vulnerabilities have been studied using ‘account access graphs’, which show the phone, the SIM card, the Apps, and the security features that limit each stage of access.

However, account access graphs do not model account takeovers, where an attacker disconnects a device, or an App, from the account ecosystem by, for instance, taking out the SIM card and putting it into a second phone. As SMS messages will be visible on the second phone, the attacker can then use SMS-driven password recovery methods.

The researchers overcame this obstacle by developing a new way to model how account access changes as devices, SIM cards, or Apps are disconnected from the account ecosystem.

Their method, which is based on the formal logic used by mathematicians and philosophers, captures the choices faced by a hacker who has access to the mobile phone and the PIN.

The researchers expect this approach, which is published in the Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS 23), to be adopted by device manufacturers and App developers who wish to catalogue vulnerabilities and further their understanding of complex hacking attacks.

The published account also details how the researchers tested their approach against claims made in a report by the Wall Street Journal, which speculated that an attack strategy used to access data and bank accounts on an iPhone could be replicated on Android, even though no such attacks were reported.

Apps for Android are installed from the Play Store, and installation requires a Google account. The researchers found that this connection provides some protection against attacks. Their work also suggested a security fix for iPhone.

Dr Arnaboldi said: “The results of our simulations showed the attack strategies used by iPhone hackers to access Apple Pay could not be used to access Android Pay on Android, due to security features on the Google account.  The simulations also suggested a security fix for iPhone – requiring the use of a previous password as well as a pin, a simple choice that most users would welcome.”

Apple has now implemented a fix for this, providing a new layer of protection for iPhone users.

The researchers repeated this exercise across other devices (Motorola G10 Android 11, Lenovo YT-X705F Android 10, Xiaomi Redmi Note Pro 10 Android 11, and Samsung Galaxy Tab S6 Lite Android).  Here they found that the devices that had their own manufacturer accounts (Samsung and Xiaomi) had the same vulnerability as Apple – although the Google account remained safe, the bespoke accounts were compromised.

The researchers also used their method to test the security on their own mobile devices, with an unexpected result.  One of them found that giving his wife access to a shared iCloud account had compromised his security – while his security measures were as secure as they could be, her chain of connections was not secure.

Dr Arnaboldi is currently engaged in Academic Consultancy where he works with major corporates and internet-based companies to improve their defences against hacking.

Third party-related business interruptions pose increasing risk to organisational cybersecurity

Stuart O'Brien

Despite increased investments in third-party cybersecurity risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions.

That’s according to a new Gartner survey, which points out that third-party cybersecurity risk management is often resource-intensive, overly process-oriented and has little to show in terms of results.

Zachary Smith, Sr Principal Research at Gartner, said: “Cybersecurity teams struggle to build resilience against third party-related disruptions and to influence third party-related business decisions.”

The survey was conducted in July and August 2023 among 376 senior executives involved in third-party cybersecurity risk management across organizations from different industries, geographies and sizes.

Effective TPCRM Depends on Delivery of Three Outcomes
Successful management of third-party cybersecurity risk depends on the security organization’s ability to deliver on three outcomes – resource efficiency, risk management and resilience, and influence on business decision making. However, enterprises struggle to be effective in two out of those three outcomes, and only 6% of organizations are effective in all three (see Fig. 1).

Figure 1. Security Organizations’ Ability to Deliver on Three Outcomes for Effective TPCRM

Source: Gartner (December 2023)

Four Actions for Security Leaders to Manage Third-Party Cybersecurity Risks
Based on the survey findings, Gartner identified four actions that security and risk management leaders must take to increase their effectiveness in managing third-party cybersecurity risk. The survey found that organizations that implemented any of these actions saw a 40-50% increase in TPCRM effectiveness.

These actions include:

  1. Regularly review how effectively third-party risks are communicated to the business owner of the third-party relationship: Chief information security officers (CISOs) need to regularly review how well the business understands their messaging around third-party risks to ensure they are providing actionable insights around those risks.
  2. Track third-party contract decisions to help manage risk acceptance by business owners: Business owners will often choose to engage with a third party even if they are well-informed about associated cybersecurity risks. Tracking decisions helps security teams align compensating controls for risk acceptances and alerts security teams to particularly risky business owners that may require greater cybersecurity oversight.
  3. Conduct third-party incident response planning (e.g., playbooks, tabletop exercises): Effective TPCRM goes beyond identifying and reporting cybersecurity risks. CISOs must ensure the organization has strong contingency plans in place to prepare for unexpected scenarios and to be able to recover well in the wake of an incident.
  4. Work with critical third parties to mature their security risk management practices as necessary: In a hyperconnected environment, a critical third-party’s risk is also an organization’s risk. Partnering with the critical third parties to improve their security risk management practices helps promote transparency and collaboration.


Malware protagonists diversifying tools as incidents surge

Stuart O'Brien

New research has revealed a 70 percent increase in new malware incidents, equivalent to 26 cyberattacks per minute, highlighting a diversification of tools and attacks by threat actors as they target high-stakes or financially lucrative industries.

“Malicious actors are working harder than ever to expand their range and volume of cyberattacks,” said Ismael Valenzuela, Vice President of Threat Research and Intelligence, BlackBerry, which conducted the research. “The intensifying number of novel attacks targeting nations and industries demonstrates the impact of the macroeconomic climate on cybersecurity. However, while threats are increasing in number and diversity, so is our ability to defend against them with advanced technologies that predict and prevent attacks.”  

Highlights from the latest BlackBerry Global Threat Intelligence Report, covering the three-month period of June-August, include: 

  • Continued Rise in Cyberattacks Per Minute. BlackBerry stopped over 3.3 million attacks; approximately 26 attacks and 2.9 unique malware samples per minute.  
  • Financial and Healthcare Most Targeted Industries. The financial sector was the most frequently attacked industry this quarter, with healthcare institutions coming in second. High-value data and the opportunity to disrupt essential services make these sectors a prime target for impactful or profitable attacks.  
  • Ransomware Groups Make Double Extortion Standard Practice. LockBit, Cl0p, Cuba, and ALPHV ransomware groups increasingly use double extortion tactics as insurance on attacks, as organizations worldwide improve their data backup strategies.  
  • Australia and United States hit by Highest Increase in Public Sector Attacks. Australia and the U.S. experienced 50 percent-plus more public sector attacks this quarter. BlackBerry Cylance AI prevented the most cyberattacks overall in the United States, followed by Canada, Japan, Peru and India. The most unique malware was observed in the United States, then Japan, South Korea, India, and Canada. 


CISOs: ‘Regulation responsibility is unclear’

Stuart O'Brien

Over half (56%) of CISOs agree that it is not clear within their organisations whose responsibility it is to manage and implement changes in order to comply with the latest regulations, putting organisations at risk. This is despite over two thirds (67%) claiming that keeping up with changing regulation is an ongoing challenge.

Research conducted by cyber security solutions provider BSS, which explores ‘How CISOs can succeed in a challenging landscape’, also found that a further two thirds (64%) of the 150 UK-based information security decision makers surveyed agreed that regulations change before they have had a chance to successfully implement procedure.

The research also found that regulations like GDPR, which was first implemented in 2018, are still a headache for CISOs, with two thirds (63%) agreeing.

With the deadline approaching on newer regulations such as the Digital Operational Resilience Act (DORA), which comes into action on 17th January 2025, assigning responsibility for managing and implementing regulation must be addressed.

Positively, 80% of CISOs agreed that regulatory compliance is a top priority for their company’s board. But while the priority is there for many, the technology oftentimes does not support it. A third (33%) of CISOs reported that they don’t feel like they have the technology stack required to excel in their role.

In fact, only one in ten (11%) CISOs surveyed reported that their organisation’s approach to overall cyber risk management is both stable and flexible, allowing them to pivot and respond to opportunities and change, such as regulation.

BSS Director, Chris Wilkinson said: “CISOs need to have a clear idea of where the responsibility for regulation lies in order to succeed in their role. Not complying with regulation leaves organisations at risk and ultimately it is the CISO who will answer to any penalties or cyber threats that come as a result of non-compliance with regulations. If CISOs are culpable then they also need to be in control.”


Zero Trust ‘now the norm’ for global business

Stuart O'Brien

Zero Trust (ZT) has become the default cybersecurity strategy for global business: In 2021, fewer than one in four of the organisations surveyed had a ZT strategy in place, but by 2023, this number has grown to 61%. In addition, a further 28% plan to implement Zero Trust within the next year and a half.

That’s according to the 2023 State of Zero Trust Report released by Okta. For the first time since the firm started issuing the State of Zero Trust Report in 2019, the number of organisations that already have a defined Zero Trust strategy in place far exceeds those still in planning stages (or without such a strategy).

In partnership with Qualtrics, in April 2023, Okta conducted a global study including 860 information security decision makers from North America (US, Canada); EMEA (Denmark, Finland, France, Germany, Ireland, Netherlands, Norway, Sweden, UK); and APJ (Japan, Australia).

“We now live in a Zero Trust world,” said Stephen McDermid, EMEA CSO for Okta. “The global figures suggest that within 18 months, nine in every 10 businesses will ‘be ZT’. And businesses are putting their cybersecurity money where their Zero Trust mouth is. Despite widespread cost-cutting, 60% of organisations have seen an increase of up to 24% in their ZT budgets since last year.”

The report suggests that leaders recognise the primary importance of Zero Trust in enabling today’s digital business. The research shows 93% of the global C-Suite now believe that Identity is important to their business strategy.

The report demonstrates that, despite growing knowledge of the low assurance value, passwords remain the standard for authentication – and are in use at more than half (55%) of our respondents’ organisations, across all regions.

Security questions were the second most commonly used practice, with just 19% (less than 1 in 5) of businesses using high-assurance factors like platform-based authenticators and biometrics.

“In a world where businesses must never trust and always verify, the method of verification is critical,” continued McDermid. “The uncomfortable truth behind recent attacks is that verification based on passwords and simple questions is not enough. Social engineering has evolved dramatically and as such, so should the front line of identity verification. In practice, this will mean passwordless technologies.”

As an insight into the drivers behind this need to address social engineering, respondents to the research cited “People” as the biggest security concern for businesses with “Network” and “Data” coming in a distant second and third, respectively. While the user has always been rated a top priority, this year it’s an unusual outlier, reflecting an increasing understanding of the critical function of identity in Zero Trust security initiatives.

In the face of this perception that the user remains the weakest link, more than two in three companies either say security is the unquestioned top priority or that their current priority balance is three-quarters security, one-quarter usability.

However, the research also reveals that holes still remain. Only 1 in 5 (20%) of respondents have automated provisioning/deprovisioning for external users such as partners and contractors. This suggests that companies remain especially vulnerable to attacks from within the supply chain.

McDermid added: “Companies have long since recognised that either through malice or simple poor practice, their people represent the single biggest security threat, but these figures suggest that businesses may have been too narrow in the definition of ‘their people’.  Suppliers and partners are – from a security perspective – just as risky as an employee. But there seems to be a lag in addressing this.”

Within this incredibly active global market, there are some clear leaders when it comes to embracing ZT. Companies in financial services and software are more likely to have an initiative in place today (at 71% and 68%, respectively).

58% of public sector organisations have a ZT strategy, with almost another third planning to implement one in the next 12 months.

“It is easy to see the impact of regulation on these figures,” concluded McDermid. “Some industries will face tighter demands that necessitate Zero Trust and drive the market in the short term. We welcome this catalyst for innovation and look forward to seeing what early adopters can show the wider industry.

“The past two years have seen a huge jump in the number of businesses that say identity is a critical part of their Zero Trust strategy.  Now that Zero Trust is set to define how business is done, it follows that getting identity right will be a major factor in making that business easier, faster, and better.”


Physical security incidents cost the world’s biggest firms $1 trillion in 2022

Guest Blog

Large global companies lost a combined $1 trillion in revenue in 2022 due to physical security incidents, while economic unrest is expected to be the greatest security-impacting hazard in the next 12 months, itself a significant increase on the prior year.

That’s according to a new report commissioned by Allied Universal, based on an anonymous survey of 1,775 chief security officers (CSOs), or those in equivalent roles, from large, global companies in 30 countries, with a combined annual revenue of more than $20 trillion, which also found that companies anticipate a surge in threats and hazards like social unrest, climate change, fraud and theft.

As a result, physical security budgets are predicted to increase significantly to keep people, property and assets safe. Security leaders intend to focus investments on advanced technology and providing security professionals with additional skills and training.

Fraud – deception intended to result in gain – is likely to be the biggest external threat over the coming year. The leaking of sensitive information is predicted to be the biggest internal threat. Dangers posed by hackers, protestors, spies and economic criminals are expected to soar.

“As the world’s leading security company, we commissioned this report for the benefit of the entire industry and the companies we protect. It comes at a time when organizations across the globe are increasingly navigating more complex security hazards and threats. The research shows the impact of security threats on organizations is multidimensional – from the disruption of productivity to the loss of customers, to the potentially staggering financial impact,” said Steve Jones, Allied Universal’s global chairman and CEO.

One in four (25%) companies reported a drop in their corporate value following an external or internal security incident during the last 12 months.

In addition to CSOs, the report also surveyed 200 global institutional investors to understand the impact of security incidents on the value of publicly traded companies. Investors estimated an average 29% drop in stock price in the wake of a significant internal or external security incident in the last 12 months.

“Global businesses are facing increased security threats; a tight labor market globally; and rapidly changing technology that presents new risks and requires different skills. In addition, executive boards are grappling with balancing physical and cybersecurity alongside other priorities. The World Security Report helps our entire industry and the wider business community better understand and operate in the challenging, global and fast-moving security landscape,” said Ashley Almanza, executive chairman of G4S, Allied Universal’s international business.

Key findings from the World Security Report:

Security Threat and Incident Findings

  • Economic unrest was reported by 47% as the greatest security-impacting hazard in the next 12 months — up from 39% in the previous year.
  • Climate change events are on the rise and the second most concerning hazard, with 38% saying they may be impacted in the next year. This was followed by social unrest (35%), disruption to energy supplies (33%) and war or political instability (32%).
  • Leaking of sensitive information is expected to be the biggest internal threat in the next 12 months according to 36% of respondents.
  • Misuse of company resources or data was the most common internal incident with 35% of companies having experienced this already over the last 12 months.
  • Fraud is expected to be the biggest external threat in the next year, predicted by 25% of CSOs.
  • Fraud and phishing and social engineering were the most common external security incidents experienced in the last 12 months (23%).
  • Threats from two groups, “subversives, hackers, protestors, or spies” and “economic criminals”, are likely to soar, with 50% and 49% of respondents predicting they will be impacted by these groups, both up from 39% in the last year.

Security Budgets

  • Security budgets represented approximately $660 billion (3.3%) of global revenue at respondent companies in 2022.
  • Physical security budgets at 46% of respondent companies are set to significantly increase in the next 12 months.
  • Artificial intelligence (AI) is top of the agenda for future physical security technology investment, with 42% intending to invest in AI and AI-powered surveillance over the next five years.

The Future of Security Insights

  • Cyber threats that threaten physical security systems are challenging to operations according to nine out of 10 respondents.
  • CSOs reported a disconnect between physical security incidents and the importance placed on them at board level; nine in 10 CSOs said company leaders are more concerned about cyber than physical security.
  • Eight in 10 (84%) said recruitment of security professionals will be challenging over the next five years.
  • Nine in 10 (92%) said people skills are more important than physical attributes of strength in front-line security professionals.