2022 Cybersecurity Census Report reveals lack of preparedness against rising cyberattacks

Almost one in five (17%) UK businesses are subjected to approximately two cyberattacks every working day.

  • 2 years ago Posted in

Cyberattacks are hammering businesses of all sizes and sectors across the UK, with just a fraction of those prepared to defend against them, according to new research by Keeper Security. The 2022 Cybersecurity Census Report reveals that companies are suffering severe organisational, financial and reputational damage. Yet, despite IT leaders expecting this onslaught to intensify over the next year, preparation is lacking, with only a minority of organisations feeling ready to face the threats.

The report found that the average UK business experiences 44 cyberattacks per year—more than three every month—and almost one in five (17%) are subjected to over 501 attacks in a single year. This calculates to approximately two cyberattacks every working day. While only around two of those cyberattacks are successful each year, IT leaders fear the frequency of attacks will intensify, with 46% expecting both the total number of attacks and number of successful attacks to increase over the next year.

Cyberattacks are causing businesses significant harm

 

Successful cyberattacks have the potential to bring businesses of all sizes to a standstill. Alarmingly, just 26% of respondents consider their business very prepared to defend against them. 

 

Over one third (35%) of victims of a cyberattack report disruption to trading, such as the ability to carry out business operations

Over one third (34%) experienced reputational damage due to an attack 

31% of both larger (over 1,000 employees) and smaller (fewer than 1,000 employees) businesses experienced theft of financial information from a successful cyberattack

More than a fifth (22%) of businesses experienced theft of money—with the financial disruption totalling more than £100,000 on average. Considering the current macroeconomic uncertainty in the UK, and the fact that the average UK SME makes just £11,000 in profits per year, such financial losses can be terminal.

Cybersecurity Investments and Tools

The rise of hybrid and remote work is widening the gap between what’s necessary to secure organisations and what’s available, with shortfalls in cybersecurity investment leaving businesses exposed. 

 

Visibility of system users, password strength and permissions are baseline necessities regardless of business size or sector, yet IT leaders admit their tech stacks lack essential tools:

 

Over one-third of respondents (35%) lack a manager for IT secrets such as API keys, database passwords and credentials

Almost nine in ten (87%) highlight concerns about the dangers of hard-coded credentials—embedding authentication data such as user IDs and passwords directly into source code

29% lack a connections manager to help manage remote access to privileged infrastructures

IT leaders acknowledge their current security measures have identifiable weak points, and passwords and credentials are particular areas that require urgent investment. Despite this, almost one-third (32%) state they leave it entirely to employees to set their own passwords, with access often shared as needed. 

 

“The cybersecurity landscape is complex, with ever-changing risks and shifting priorities to manage. However, the research shows that organisations could and should be doing more,” said Darren Guccione, CEO & co-founder of Keeper Security. “While many organisations consider future investments, they face being outmatched by rising external threats and the demands created by existing weaknesses.”

 

Cybersecurity in Company Culture

Despite budgetary commitments and a prioritisation of cybersecurity from the C-suite, IT leaders themselves admit to a concerning lack of transparency in the reporting of cyberattacks. Over half (55%) state they have been aware of a cyberattack and not reported it to any relevant authority. In addition, 80% of IT professionals are concerned about a breach from within their own organisation. These figures should be a red flag to business leaders, as without a culture of trust, accountability, and responsiveness, cybercrime will thrive.

 

Guccione concludes: “Although there have been small steps from UK businesses in prioritising cybersecurity, clear gaps remain. The volume and pace at which threats are hitting businesses is increasing, and leadership cannot afford to wait. As we move forward, businesses and IT leaders must not only voice commitments to cybersecurity, but act on them. They need to acknowledge how our workplaces have evolved and respond to new ways of protecting their employees, their data, and their livelihoods.”

Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...