A quarter of UK companies admit they don’t spend enough on cybersecurity and lack expertise
January 2022 by Kaspersky
Despite the well-documented cyber threat landscape – with four in five (82%) UK companies having fallen victim to a cyberattack – nearly a quarter (24%) admitted they are not spending enough on cybersecurity measures, according to Kaspersky data.
These findings have been highlighted in Kaspersky’s latest report, titled ‘Must-have cybersecurity insights for proactive business decision makers’ – revealing a mismatch between cybersecurity budgets and threat levels. The study shows that even though 64% of UK businesses recognise that they need to be more proactive in strengthening their cybersecurity measures, 57% lack the resources to find a trusted expert, resulting in many opting to handle cybersecurity measures internally.
This is reflected by the fact that 62% of UK companies say they find it difficult to monitor possible risks or breaches amid the proliferation of personal devices being used for work and the permanent move, for most organisations, towards hybrid-remote working.
Additionally, 60% of decision makers agreed that they are concerned at the lack of support from their organisation when it comes to preventing cybersecurity incidents, with a further 67% admitting they are unhappy that they could be personally liable for cybersecurity incidents.
When it comes to prominent cyber threats, the most common cyberattacks suffered by UK businesses were email attacks (29%), malware attacks (26%), spyware attacks (24%) and ransomware attacks (18%). Although email attacks seem to have affected companies the least, two thirds (65%) of those surveyed admitted they are concerned about email threats, with spyware (69%), ransomware/malware (68%) and targeted attack (67%) vectors at the top of their agenda.
“Whether it’s down to human error, cleverly disguised email attacks or the growing complexity of IT infrastructures, our survey shows very clearly the pain points that all companies – whether large or small – need to address. A major part of these budget constraints is that companies perceive their internal protection as being better than it actually is, with resources directed at bolstering internal teams.
Outsourcing skills-hungry security tasks, such as threat hunting, to an experienced MDR provider will deliver an instantly matured IT security function without the need to invest in additional staff or expertise. Fully managed and individually tailored ongoing detection, prioritisation, investigation and response can help prevent business disruption and minimise overall incident impact, more than justifying any associated costs”, comments Christopher Hurst, General Manager, Kaspersky UK&I.
Kaspersky advice for businesses
At enterprise level, Security Operations Centres (SOCs) and Security Information and Event Management (SIEM) integration increase the level of security; for SMBs, the easiest way to face today’s IT security challenges is to enlist external and trusted IT security expertise. To help put the right measures in place, Kaspersky provides the following advice:
• Use dedicated and effective endpoint protection, threat detection and response products to detect and remediate even new and evasive threats in a timely way. Kaspersky Optimum Framework includes comprehensive endpoint protection, empowered with Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) solutions
• Provide your SOC team with access to the latest automated threat intelligence and regularly upskill them with professional training
• Provide all staff with basic cybersecurity hygiene training, as many targeted attacks start with phishing or other social engineering techniques
• Integration of human expertise and technology is key. Companies that get both from one trusted partner, in an integrated and partly automated form, can get enterprise-wide visibility, which saves them time and increases efficiency. This frees up the security team’s time to work on more important matters.
The full Kaspersky report, ‘Must-have cybersecurity insights for proactive business decisionmakers’, is available here, and includes a checklist for how companies can optimise their cyber-protection, step-by-step.
The survey was conducted by Arlington Research on behalf of Kaspersky in August 2021. It involved an online survey of 1,500 business decisionmakers in Europe – 250 each from Germany, the UK, France, Italy, Spain, and the Czech Republic. 62% of respondents are employed in companies and organizations with a size of 50 to 999 employees and 38% with more than 1,000 employees.