A significant portion of UK businesses currently feel underprepared to tackle cybersecurity threats, according to recent research findings.
The latest report from Databarracks reveals that internal confidence in handling cyber threats remains unchanged from previous years, despite increased threats.
While 53% of surveyed organisations expressed confidence in their cybersecurity capabilities, there has been no noticeable improvement from the previous year.
This consistent lack of confidence is worrying given the increasing sophistication of cyber threats that businesses face on a daily basis.
In the past 12 months, 61% of organisations have conducted reviews of their security policies in response to emerging threats.
Surprisingly, 41% of those decided not to invest in protective measures even after identifying vulnerabilities.
The hesitation to invest might be attributed to budget constraints or a perceived lower risk level, which leaves gaps in defence.
Viruses, spyware, ransomware, and phishing attacks are the most prevalent threats.
These types of cyber attacks have been reported by 44%, 30%, 29%, and 26% of businesses, respectively.
The data highlights the need for a proactive rather than reactive approach to security management in businesses.
Business investment in cyber awareness training has increased from 26% to 34% over the past year.
Peter Groucutt from Databarracks emphasises that training is key to improving staff confidence against phishing and whaling attacks, which target personnel.
Frequent and consistent training is more effective than isolated intensive sessions.
According to Groucutt, fostering a security culture requires a top-down and horizontal approach within organisations.
Ingrained practices need to evolve, with security measures becoming an integral part of everyday business operations.
Directors and new starters alike should participate in training sessions, promoting a vigilant and accountable company culture.
Information controls need to be tightened alongside awareness training for overall cybersecurity.
Implementing stringent information policies can significantly reduce exposure to threats.
Organisations must continuously assess and update their control measures to adapt to the changing threat landscape.
Businesses must recognise the ongoing evolution of cyber threats and adjust their strategies accordingly.
The integration of awareness training with enhanced security measures offers a comprehensive solution to building resilience.
To mitigate cyber threats, a unified approach combining policy review, training, and tighter controls is essential.
Businesses equipped with these strategies are better positioned to protect themselves in an increasingly digital world.