A recent study commissioned by Tenable reveals that48% of cyberattacks on UK organisations in the past two years were successful, forcing security teams into reactive stances.
The report highlights that 60% of UK organisations feel confident in their cybersecurity practices reducing risk exposure, but also outlines concerns about the risks associated with complex cloud infrastructure.
The study, which surveyed 100 UK-based IT and cybersecurity leaders, underlines the need for improved communication, quality data, and a shift towards more preventive cybersecurity methods.
- 48% of cyberattacks on UK organisations in the last two years were successful, leading to a reactive approach to cybersecurity.
- Cloud infrastructure is a major concern for security teams, with 67% of respondents citing it as a high area of risk exposure.
- Organisations struggle to obtain an accurate view of their attack surface, leading to a lack of preventive cybersecurity measures.
Almost Half of Cyberattacks on UK Organisations Succeed
A recent report has revealed a startling fact: 48% of cyberattacks on UK organisations in the last two years have been successful. This alarming revelation is putting a significant strain on security teams, who are being forced to concentrate on reactive measures instead of preventing these attacks in the first place.
The Confidence Crisis in Cybersecurity
According to the study, only 60% of UK organisations are confident that their cybersecurity practices can effectively reduce their risk exposure. This lack of confidence suggests there is significant room for improvement.
Cloud Infrastructure: A Major Risk Factor
The risks associated with cloud infrastructure are a particular concern. The survey found that 70% of organisations use multi-cloud and/or hybrid cloud environments, yet 67% of respondents identified this as one of the highest areas of risk exposure.
A Race Against Time
The survey also revealed that security teams feel they are in a race against time. An overwhelming 65% of respondents believe their organisation could be more successful at defending against cyberattacks if more resources were devoted to preventive cybersecurity. However, 60% said their cybersecurity team is too busy managing critical incidents to focus on preventing future attacks.
The Struggle for Accurate Data
The struggle to obtain an accurate picture of their attack surface is a major obstacle for many organisations. Over half (56%) of respondents admitted that their lack of data hygiene prevents them from drawing quality data from their user privilege and access management systems.
The Communication Gap
There is also a significant communication gap at the highest levels of many organisations. Nearly half (47%) of respondents said they only meet with business leaders on a monthly basis to discuss which systems are business-critical, while a shocking 25% hold such meetings only once per year.
Cybersecurity Expert’s Commentary
“While reducing cyber risks has to be the priority, it seems easier said than done. Our study confirms that security teams are being overwhelmed by the sheer volume of cyberattacks they have to react to. As the attack surface becomes ever more complex, this imbalance will only worsen,” said Bernard Montel, EMEA Technical Director and Security Strategist, Tenable.
Final Thoughts
This report paints a troubling picture of the state of cybersecurity within UK organisations. The high success rate of cyberattacks, coupled with a reactive, rather than preventive, approach to cybersecurity, highlights the urgent need for change. As Montel suggests, security leadership needs to be involved in high-level business decision-making to effectively combat the rising tide of cyber threats.
FAQ
Q: What percentage of cyberattacks on UK organisations were successful in the last two years?
A: 48% of cyberattacks on UK organisations were successful in the last two years.
Q: How confident are UK organisations in their cybersecurity practices?
A: Only 60% of UK organisations are confident that their cybersecurity practices can successfully reduce the organisation’s risk exposure.
Q: What are the highest areas of risk exposure in UK organisations?
A: According to the survey, the highest perceived risks in UK organisations come from the use of public cloud infrastructure (31%), multi-cloud and/or hybrid cloud (27%), and private cloud infrastructure (9%).
Q: What percentage of respondents believe their organisation would be more successful at defending against cyberattacks with more resources dedicated to preventive cybersecurity?
A: Nearly two-thirds of respondents (65%) believe their organisation would be more successful at defending against cyberattacks if more resources were devoted to preventive cybersecurity.
Q: Why do cybersecurity teams struggle to take a preventive approach to reducing their organisation’s exposure?
A: Cybersecurity teams struggle to take a preventive approach due to their organisations’ struggle to obtain an accurate picture of their attack surface, including visibility into unknown assets, cloud resources, code weaknesses, and user entitlement systems.
Q: What prevents respondents from drawing quality data from user privilege and access management systems?
A: Over half of the respondents (56%) said a lack of data hygiene prevents them from drawing quality data from user privilege and access management systems, as well as from vulnerability management systems.
Q: How often do meetings about business-critical systems take place in most organisations?
A: In most organisations, meetings about business-critical systems take place monthly, according to just under half of the respondents (47%).
