HALF of businesses are ill-prepared to deal with cyber attacks as their scale and severity increases, according to a leading business services group.

KPMG issued the warning as it published its latest global Chief Information Officer (CIO) survey, which questioned more than 3,300 CIOs and technology leaders.

The survey revealed nearly one in three (28 per cent) of CIOs had to respond to a major cyberattack in the past two years, compared to one in five (22 per cent) in 2014’s report.

According to the company, this represented a marked increase in the severity of attacks.

Including non-major breach attempts, its figures revealed the vast majority (97 per cent) of businesses had been the victim of digital attack at some point.

George Scott, KPMG Scotland’s cyber security director, said: “The latest trends in cyber attacks are alarming, although not unexpected.

“Criminals are better informed than ever before and they’re able to go after more valuable targets. Methods of infiltration are becoming more sophisticated and the latest breach techniques are easily traded between criminals.

“In short, it’s becoming much harder for organisations to defend against cybercrime.”

Scott added that investment in the right defensive technology was only part of the answer.

“CIOs need to view cyber security as an ongoing process. Regular auditing and staff training are among the best ways to minimise the threat of a breach.

“If a weakness does exist, you want to be able to find it before the criminals do.

“Above all, cyber criminals realise people are the weakest link and that even with the most cutting-edge technology in place, a company can easily fall victim to a cyber attack if the correct attitudes and security culture haven’t been instilled in the workforce.”

The report, undertaken in conjunction with recruitment group Harvey Nash, also found that even with the escalating threat and number of attacks, only one in five (22 per cent) CIOs felt their organisation was well positioned to deal with IT security.

An earlier report by BT and KPMG – Taking the Offensive: Working Together to Disrupt Digital Crime – found that while 94 per cent of IT decision-makers were aware of criminals blackmailing and bribing employees to gain access to organisations, around half (47 per cent) admitted they did not have a defence strategy in place to prevent it.

“We are seeing a higher number of cyber incidents in Scotland originating from within the organisation than before,” added Scott.

“Although this doesn’t suggest they are always malicious, it does highlight the importance of ensuring a company’s IT strategy is developed in conjunction with other business functions, such as procurement and supply chain, HR and finance.

“Businesses, regardless of their sector, are now all ‘IT companies’ of some sort, and so consideration must be given across the enterprise to the opportunities and risks that information and IT bring.”