Regional Roulette: UK Businesses slowest to identify anomalous activity on network

  • New research shows UK firms take an average of nine hours to spot breaches, slower than US (seven), Germany (eight) and Australia (five
  • Sluggish response of UK firms could cause loss of 280,000 additional documents 

18 December 2015, Theale UK – Speed is critical in preventing data loss, yet according to new research from Clearswift, UK businesses have estimated that it takes an average of nine hours to spot unusual activity on their organisation’s network. UK firms are the slowest off the mark, coming in two hours behind their US counterparts, who take seven hours to identify abnormal activity, and one hour slower than German businesses, who take an average of eight hours. The UK takes almost double the time it takes for firms in Australia to respond, who average only five hours until they identify something may be wrong. 

These figures are particularly worrying in the wake of a flurry of high profile cyber breaches in the UK already this year particularly when put in the context of the potential damage that could be done in a matter of minutes, let alone hours. With UK firms lagging over two hours behind those in the US it is estimated* that 280,000 documents could be accessed and stolen in this additional reaction time. 

Dr Guy Bunker, SVP at Clearswift said: “Cyber attacks by unscrupulous individuals are becoming a major problem and it’s time for the UK to wake up to this fact. Speed holds the key and when it comes to speed of response, firms need to think in minutes not hours, constantly striving for better. Better still, organisations need to take a proactive stance. It is unfortunately a ‘when’ not an ‘if’ scenario.”

Threats can be borne both internally and externally, with both needing to be treated just as seriously. Despite this, just 14% of respondents believe until their organisation has experienced a serious internal data breach, the issue will never be taken as seriously as the threat of external hackers and little is done to prevent breaches of an insider nature.

“Any security game plan needs to be adaptable and should fit with the industry landscape. New external and internal factors should influence how your organisation obtains, stores, shares and deploys information. These can all affect how information could become vulnerable, and where the next threat is coming from,” concluded Dr Bunker.

To help identify potential insider threat mechanisms, Clearswift has developed the ‘Regional Risky Business Christmas Challenge’, a festive game which allows you to explore an office environment in your selected global region, a challenge to find as many potential insider threat sources as possible in the allocated time frame (region dependent) plus a top tips page for spotting unusual activity on your network.


*280,000 documents in two hours based on a business line bandwidth (100Mbit), which equates to a theoretical maximum of around 45+GB / hour and average document size taken to be 321kb.

Additional Information

Notes to editors:

Notes to editors: This data was taken from research conducted by technology research firm Loudhouse on behalf of Clearswift. Over 500 IT Decision makers and 4000 employees were polled to gauge the level of threat from insiders.

For further information or to arrange a briefing please contact:

Bryony Chinnery
T: 0207 193 8604

About Clearswift
Clearswift is trusted by organisations globally to protect their critical information, giving them the freedom to securely collaborate and drive business growth. Our unique technology supports a straightforward and ‘adaptive’ data loss prevention solution, avoiding the risk of business interruption and enabling organisations to have 100% visibility of their critical information 100% of the time.