UK businesses are facing an unprecedented number of cyber security threats, with senior executives admitting they aren’t confident in their organisation’s abilities to deal with this increase.
That is according to the ‘State of Cyber Security in the UK’ report by iomart, in partnership with Oxford Economics.
The report surveyed 500 UK-based cyber security strategy decision makers and showed that organisations faced an average of 24 incidents relating to cyber security threats in the last year. That figure increases significantly in certain industries like finance (41) and insurance (40).
Almost half (47%) of all organisations polled cited a shortage of skills as a ‘top challenge’ to achieving cyber security goals. In fact, the skills shortage was the most common challenge, coming in ahead of too many products on the market (45%) and budget limitations (40%).
Phishing (62%) and malware (57%) represent the greatest concerns among respondents, but only half of those polled said they were confident in their organisation’s ability to handle these threats.
With an enormous array of cyber security products and tools on the market, most organisations have taken steps to implement a stronger cyber strategy by investing in new technology. However, less than half say these investments have been effective in mitigating cyber breaches. Whilst counterintuitive on the surface, one explanation for this is that 47% of the respondents cite skills shortages as the top challenge to meeting cyber security goals. Indicating that, despite a willingness to invest, without the right expertise in place it is very difficult to get the most out of a technology investment.
What’s more, the landscape doesn’t look likely to simplify soon. The volume and complexity of data being handled by organisations continues to increase and issues are exacerbated by the COVID-19 inspired rise in flexible working.
Some 49% of participants cited the increased volume of data as a challenge, with changing business models being called out by 45% of the organisations polled. Increased pace of technology (43%) also featured, as effects from the pandemic have complicated organisations’ abilities to protect themselves from cyber threats.
Speaking about ‘The state of cyber security in the UK’ report Reece Donovan, Chief Executive at iomart says: “The changes we have all experienced in the last three years have left a lasting mark on the business landscape.
“The ‘State of Cyber Security in the UK’ report shows an ongoing increase in the number of breaches being suffered by organisations. And the results indicate, there’s no one single reason for this. However, the data in the report clearly highlights that the post-pandemic changes to the way we do business is a contributing factor. The barrier to entry for cyber criminals is much lower than it ever was. Someone can set up a devastatingly effective ransomware business from their bedroom for as little as £50. This means that all organisations, irrespective of their size, are now potential targets.
“The report also shows a higher than expected number of breaches. It indicates that organisations are facing a greater volume of threats than ever before. These threats are far more complex and difficult to defend against than we’ve ever seen. This results in a great deal of uncertainty.
“The data in our ‘State of Cyber Security’ report highlights that organisations are struggling to ‘sort through the noise’ when it comes to cyber security tools. The market is saturated with technology that promises a lot. But unless an organisation has the right expertise in place, it’s unlikely that technology will be used effectively. And, with almost 40% of respondents struggling to attract and retain the right staff, this is an issue many are facing. It’s the balance of people, process and technology that can really make a difference when it comes to an organisation’s level of cyber risk, so how we look to nurture and create talent in the UK is a crucial consideration.
“What’s more, most of the technology is based on ‘shutting the front door’ and not allowing the threat through in the first place. Whilst this approach will always have its place, a lot of organisations now operate on a ‘zero trust’ basis. This means they assume they have already been breached and work to have processes in place to protect their most valuable data and ensure they are able to recover quickly and efficiently, minimising the all-important down time.”
In total, 40% of respondents highlighted budget or cost limitations as a top challenge when it came to meeting cyber security goals. And whilst Reece believes that cost is certainly a factor, he insists that strong cyber security credentials shouldn’t just be seen as a drag on an organisation’s bottom line.
“We’re seeing a lot of uncertainty at the moment and that means that organisations across the board have cost at the forefront of their minds. The report highlights that budget is one of the major challenges to organisations meeting their cyber security goals. It’s perfectly understandable, rising prices are affecting everyone. However, it’s important that businesses look beyond the bottom line.
“There’s certainly no getting away from the fact that establishing and maintaining a strong cyber security posture is going to require a level of investment. It used to be that this investment was really just a cost. A business would pay for the latest anti-virus or firewall and that would be that. In recent years though, things have changed, and a strong cyber security set up brings far more benefits than it used to.
“If businesses want to compete in a crowded marketplace, a demonstrably competent and comprehensive cyber security strategy is going to be essential.”