An alarming number of UK businesses were hit by security incidents last year

Security pros don't have much confidence in the top brass

Some 36% of businesses in the UK were affected by at least one IT security incident over the course of last year, according to some new research.

This figure comes from a Harvey Nash survey of 200 IT security pros (spotted by Computing), and it produced a number of illuminating statistics concerning cybersecurity in the business world.

For example, 24% of respondents said that their company had been hit by a DDoS (or plain Denial of Service) attack during 2015.

However, the most common form of attack was phishing or social engineering at 73%, followed by your traditional malware at 53%.

When it came to the damage these attacks did, just over half of the reported incidents caused some loss of revenue to the business in question. Just over a third (35%) said there was also damage to their reputation in terms of customer confidence being weakened – which can be an even more costly forfeit in the longer term.

Crisis in confidence

The Harvey Nash report also pointed to a lack of general understanding of IT security, and found that many security professionals didn't have much confidence in the big cheeses presiding over their companies.

Indeed, 45% of respondents felt that their board of directors either had a "major gap" in their comprehension of cybersecurity risks, or just didn't understand the risks at all. And many of those surveyed felt the same way about CEOs and other C-level executives.

Of course, if security in the business world can be regarded as wobbly, then who knows how you'd describe the state of security for consumers – a report which emerged this week on the worst passwords being used in 2015 was the usual complete cringe-fest.

As ever, the most prevalent password was '123456' followed by that old classic, 'password'. That must make security pros just want to give up and go home…