Nearly All UK Businesses Experience Security Incident – Barracuda

The cyber risks facing UK business has been starkly illustrated in a new report from cloud security solution provider Barracuda Networks.

The Barracuda report, entitled ‘The State of Industrial Security in 2022‘, surveyed 800 senior IT managers, senior IT security managers, and project managers responsible for industrial internet of things (IIoT)/operational technology (OT) in their organisation.

It found that a significant 98 percent of UK organisations experienced some form of a security incident in the last 12 months.

Security incidents

The Barracuda data also revealed that web application attacks were the most common security incident for UK organisations.

Indeed, 45 percent of organisations apparently encountering at least one in the last 12 months.

Additionally, 29 percent of UK businesses suffered from a malicious external hardware or removable media, 36 percent encountered a DDoS attack, 31 percent had remote access compromised, and 29 percent encountered a compromised supply chain.

And these attacks are taking a toll.

Nearly one in 10 (9 percent) or UK businesses said that the worst security incident they suffered in the last 12 months had a ‘significant’ impact on their organisation, and led to a complete shutdown of all devices or locations.

Furthermore, 39 percent said their worst incident had a moderate impact, whereby a large number of devices or several locations were impacted, and 50 percent said minimal impact was observed, where a few devices or just one location was impacted.

Only two percent said no impact was experienced at all.

Attack downtime

The downtime for these security incidents ranged from less than a day to up to four days, in the UK. The majority or organisations (42 percent) said that their most significant security incident impacted operation for two days.

As a result, 99 percent of all UK IT leaders are ‘concerned’ to at least some extent about the current threat landscape and geopolitical situation, in terms of the impact it may have on their organisation.

“In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organisations at risk,” noted Tim Jefferson, SVP, engineering for data, networks and application security at Barracuda.

“Issues such as the lack of network segmentation and the number of organisations that aren’t requiring multifactor authentication leave networks open to attack and require immediate attention,” said Jefferson.