Cybercrime is up. According to a PwC study, nearly one-third of global businesses have been victimized, while in the U.K., online crime has jumped 20 percent in the last two years and now accounts for 44 percent of the country’s economic crime over the past 24 months.

Despite the big bump for malicious actors, however, companies aren’t confident in their own security procedures or the ability of local police to handle this evolving attack vector. Is there a way to shore up InfoSec assurance even as cybercriminals diversify their efforts?

Fighting the Cybercrime Tide

According to Infosecurity Magazine, reporting on recent PwC survey data, the worst may be yet to come for U.K. businesses: 51 percent expect they’ll fall victim to a successful cyberattack in the next two years. What’s more, 30 percent still don’t have a cyber response plan despite the increasing severity of data breaches. John Tracey of PwC puts it simply: “The threat of cybercrime is now a board-level risk issue, but not enough U.K. companies treat it that way.”

While the tendency of InfoSec professionals and C-suite members is to look outward for incoming attacks, insider threats remain the biggest issue for companies. Although most are tied to ignorance or expedience rather than malice, the end result is the same. It’s no surprise, then, that many companies see the fight against cybercrime as a struggle against the tide, where even the best defense is only a temporary fix.

Double Disruption

Taking a page from recent Linedata results, Forbes tagged cybercrime as one of the largest disruptors to business over the next five years. While law enforcement agencies are making some progress as international collaboration becomes de rigueur, ComputerWeekly noted that most companies taking their problems to local police still experience the same response: Make a report, but don’t expect results.

Combating the threat of online crime requires a concurrent disruption to existing InfoSec procedures when it comes to detecting, monitoring and ultimately eliminating threats. First step? Design a cyber response plan — don’t be one of the 30 percent hoping they’ll somehow avoid the fallout.

Next, be prepared for a cultural shift. As cybercrime gains traction around the world, it’s not enough for companies to simply layer on security. Authentication, encryption and access monitoring must be built into every aspect of IT deployment, from front-line employees up to the C-suite.

With insider threats still the biggest security hole for even tech-savvy businesses, it’s not enough to spend on technology and shore up network defense. People must be an integral part of the process for companies to make the shift from crime spectators to active security players.

Cybercrime is up worldwide. The U.K. is taking the brunt and other companies can learn by example: It’s time for a new take on cybersecurity.