- 92% of UK businesses have experienced a cyberattack in the last 12 months, with over two-thirds (72%) successfully breached at least once
- One in three UK businesses (31%) will hold the CTO directly answerable for a successful cyberattack on their organisation
- Over a third of UK IT decision makers (36%) have kept a cyberattack on their business secret
UK businesses are struggling to deal with multiple urgent cybersecurity challenges, new research by Keeper Security has revealed. The 2021 Cybersecurity Census Report shows cyberattacks are becoming more vicious, frequent and sophisticated, while UK businesses are underprepared and too slow to counter these attacks. As a result, senior leaders within UK organisations are preoccupied with playing a cyberattack blame game instead of investing in boosting their defences.
The report has found that more than nine in ten (92%) UK businesses suffered a cyberattack in the last 12 months and three quarters (78%) feel unprepared to deal with this threat. Nearly a third (31%) believe CTOs should take the blame in the case of a successful cyberattack. Such a weight of responsibility means cybersecurity standards are dropping: 36% of senior IT leaders confess to having kept a cyberattack to themselves, while 32% admit to using weak credentials such as ‘password’ or ‘admin’ to protect their data.
“UK businesses are clearly worried about their cybersecurity and, as our report has found, the challenges are manifold, affecting everything from budgets to productivity,” said Darren Guccione, CEO & co-founder, Keeper Security. “While there is a desire to boost security efforts, companies are facing many competing challenges right now and, understandably, might not always make cybersecurity investments a priority. Our report is an urgent reminder for organisations to proactively address their cybersecurity challenges as a priority since deferring them will make the consequences far more severe.”
Key findings include:
- Almost all (92%) UK organisations are aware of where the gaps or weak links in their cybersecurity defences are, but less than half (40%) are actively addressing all of them
- Two-thirds (66%) of UK organisations have relaxed their cybersecurity policies over the past 12 months so staff can work remotely or in order not to stifle productivity
- 58% of IT professionals feel employees at their organisations do not understand the full consequences of poor cyber-hygiene
- 61% of UK companies have a skills shortage in cybersecurity
- The financial fallout of cyberattacks has been damaging, too, costing nearly one in ten (8%) UK businesses over £1 million
- An overwhelming 87% of IT leaders support the creation of a nationwide governing body to hold businesses to account when it comes to best online security practices
- And almost all (91%) are in agreement that UK businesses should be legally required to have basic cybersecurity protections in place to be allowed to operate
“Companies are struggling to put the right solutions in place to cope with cyberattacks and the consequences are both damaging and costly,” said Craig Lurey, CTO and co-founder, Keeper Security. “The conditions caused by Covid-19 have led to an increased amount of hybrid working, making effective cybersecurity defences even harder to achieve. But if businesses want to bounce back fully after the pandemic, they must get their security hygiene in order without delay.”
Despite the rise in cyberattacks and increasing pressures felt by security teams, more than a quarter of UK companies (28%) do not consider IT to be even in their top three priorities as they plan for the next 12 months. This is particularly worrying, given almost all (92%) UK organisations know where the gaps or weak links in their cybersecurity defences are but well under half (40%) are actively addressing them.
Guccione concludes: “While this situation can’t be rectified overnight, there are straightforward steps UK businesses can take to boost their cyber defences. First, organisations should do a comprehensive cybersecurity audit, looking at where the gaps lie and how they can be addressed. Next, they need to put in place a clear plan of action for how to address these challenges. Running cybersecurity training sessions to educate employees and introducing a password management platform to keep credentials safe and secure are two simple, yet highly effective actions businesses can take today, to be better prepared against cyberattacks tomorrow.”