Cloudsec Initial analysis of the European cybercrime scene shown to The Register suggests a growing concern about the threat from targeted attacks, with British enterprises significantly ahead of their European counterparts in terms of cybersecurity measures.
The research, commissioned by Trend Micro to better appreciate the security market in Europe, and conducted by Quocirca, focused on targeted attacks rather than random malware issues, and was shared with El Reg at a Cloudsec roundtable.
It suggests that of the 500 enterprises questioned, all with more than 2,500 employees, most believe that targeted attacks have increased over the last 12 months.
Concerns about cybercrime have risen, and become especially prevalent among British business since 2013, when only a quarter of Blighty's enterprises believed targeted attacks were inevitable.
That figure has now risen to 72 per cent, with a further 21 per cent now considering targeted attacks a concern, even if disputing their inevitability.
In the last twelve months, British businesses detected 8.6 targeted attacks on average. This is significantly higher than the 6.2 attacks detected across Europe as a whole (including the UK).
That a higher number of targeted attacks were detected across Europe by the financial services and IT sectors suggests detection may correlate more closely with the maturity of the sector's cyber savvy, rather than be representative of the threat landscape.
Bob Tarzey, analyst and director at Quocirca, and Rik Ferguson, veep of Security Research at Trend Micro, suggested that the data, which includes organisations who believe they had never been attacked, might not necessarily preclude UK-based enterprises genuinely being targeted more than those on the continent.
While UK organisations have reported a higher average number of attacks, fewer are sure they have been targeted. Some 18 per cent of British enterprises believe they haven't been targeted at all, a figure about which Tarzey was highly skeptical.
The figures above, which are all consistently given as a percentage of the total set of enterprises questioned, suggest that 27 per cent of definite targeted attacks were successful, a significantly lower percentage than attacks across Europe as a whole.
Just under a quarter of successful attacks lead to "a lot/devastating" amount of data being compromised in the UK, which is slightly more favourable when compared with the same effect Europe-wide.
The average estimated cost of a cyber-attack for a UK business is £172,000, compared with £243,000 for all Europe.
As an anecdote, Ferguson noted that when giving talks, he often asked attendees whether they could confidently tell him what version of the often-to-be-patched Acrobat Reader app all of their users were currently running.
"Regardless of audience size," Ferguson said, "I will only ever get two hands up."