Reece Donovan, Chief Executive at iomart
– Industry leaders do not feel confident in their ability to handle threats
– Recruitment and expertise are proving major obstacles for organisations seeking to protect themselves from emerging cyber security issues
– Skills shortages affecting almost half of all organisations
UK businesses are facing an unprecedented number of cyber security threats, with senior executives admitting they aren’t confident of their organisation’s ability to deal with this ongoing increase.
That is according to the ‘The state of cyber security in the UK’ report by cloud computing specialists, iomart, in partnership with Oxford Economics, a leader in global economic forecasting and econometric analysis.
The report surveyed 500 UK-based cyber security strategy decision-makers and showed that organisations faced an average of 24 incidents relating to cyber security threats in the last year. That figure increases significantly in certain industries like finance (41) and insurance (40).
Almost half (47%) of all the organisations polled, cited a shortage of skills as a ‘top challenge’ to achieving cyber security goals. In fact, skill shortage was the most common challenge, coming in ahead of too many products on the market (45%) and budget limitations (40%).
Phishing (62%) and malware (57%) represent the greatest concerns among respondents, but only half of those polled said they were confident in their organisation’s ability to handle these threats.
With an enormous array of cyber security products and tools on the market, most organisations have taken steps to implement a stronger cyber strategy, for example, investing in new technology. However, less than half say that these investments have actually been effective in mitigating cyber breaches.
While counterintuitive on the surface, one explanation for this is that 47% of the respondents cite skills shortages as the top challenge to meeting cybersecurity goals. Indicating that, despite a willingness to invest, without the right expertise in place it is very difficult to get the most out of a technology investment.
What’s more, the landscape doesn’t look likely to simplify in the near future. The volume and complexity of data being handled by organisations continue to increase and issues are exacerbated by the Covid-inspired rise in flexible working continuing post-pandemic.
Some 49% of participants cited the increased volume of data as a challenge, with changing business models being called out by 45% of the organisations polled. The increased pace of technology (43%) also featured, as effects from the pandemic have complicated organisations’ ability to protect themselves from cyber threats.
The changes we have all experienced in the last three years have left a lasting mark on the business landscape. The ‘The state of cyber security in the UK’ report shows an ongoing increase in the number of breaches being suffered by organisations. And the results indicate there’s no single reason for this. However, the data in the report clearly highlights the post-pandemic changes to the way we do business, as contributing factors. The barrier to entry for cybercriminals is much lower than it ever was. Someone can set up a devastatingly effective ransomware business from their bedroom, for as little as £50. This means that all organisations, irrespective of their size, are now potential targets.
The report also shows a higher-than-expected number of breaches. It indicates that organisations are facing a greater volume of threats than ever before. These threats are far more complex and difficult to defend against than we’ve ever seen. This results in a great deal of uncertainty.
The data in our report highlights that organisations are struggling to “sort through the noise” when it comes to cyber security tools. The market is saturated with technology that promises a lot but, unless an organisation has the right expertise in place, it’s unlikely that technology will be used effectively. And, with almost 40% of respondents struggling to attract and retain the right staff, this is an issue many are facing. It’s the balance of people, process and technology that can really make a difference when it comes to an organisation’s level of cyber risk, so how we look to nurture and create talent in the UK is a crucial consideration.
What’s more, most of the technology is based on ‘shutting the front door’ and not allowing the threat through in the first place. While this approach will always have its place, a lot of organisations now operate on a ‘Zero Trust’ basis. This means they assume they have already been breached and work to have processes in place to protect their most valuable data and ensure they are able to recover quickly and efficiently, minimising the all-important downtime.
In total, 40% of respondents highlighted budget or cost limitations as a top challenge when it came to meeting cybersecurity goals. And while cost is certainly a factor, strong cyber security credentials shouldn’t just be seen as a drag on an organisation’s bottom line.
We’re seeing a lot of uncertainty at the moment and that means that organisations across the board have cost at the forefront of their minds. The report highlights that budget is one of the major challenges to organisations meeting their cyber security goals. It’s perfectly understandable, rising prices are affecting everyone. However, it’s important that businesses look beyond the bottom line.
There’s certainly no getting away from the fact that establishing and maintaining a strong cybersecurity posture is going to require a level of investment. It used to be that this investment was really just a cost. A business would pay for the latest antivirus or firewall and that would be that. In recent years though, things have changed and a strong cyber security setup brings far more benefits than it used to. If businesses want to compete in a crowded marketplace a demonstrably competent and comprehensive cybersecurity strategy is going to be essential.
When looking to the future, most of the respondents have plans to invest further in emerging technology and expertise. More than half (52%) are looking to invest in third-party consultants over the next two years. Future tech investments focus on private cloud storage (81%), automation (77%), and artificial intelligence (AI) (72%).
While accepting that future technology would inevitably play a growing role, expertise will always be the most important.
Hackers are moving at an incredibly fast pace, using the latest technology to give them an edge. It’s therefore important that organisations integrate new and emerging technology into their cyber security strategy.
There is a desire to invest in more sophisticated tools like automation and AI. These could help bridge the skills gap as well as mitigating against alert fatigue and burnout. However, even the most sophisticated technology will not bypass the existing issues and, if the technology is not properly managed, it simply won’t work effectively. That’s why, no matter what the next technology to emerge is, there is simply no replacement for skilled and knowledgeable expertise.