UK Security Budgets Under Strain As Cyber Incidents Soar

A new report has shed some light into the daily struggle of UK businesses and their IT teams dealing with a growing number of ‘cyber incidents‘.

A new report, entitled ‘State of cyber security in the UK 2023’, from secure cloud and IT managed service provider iomart and Oxford Economics surveyed 500 UK executives (with more 1,000 plus staff).

The report found that UK businesses have experienced on average 30 cyber incidents over the last 12 months – a 25 percent increase compared to last year.

Budgetary pressures

And despite organisations spending more than £40,000 a year on cyber protection measures such as vulnerability assessments, penetration testing, and red team engagements, the report found that more than a quarter (27 percent) think their cyber security budget is inadequate.

Indeed, according to the iomart and Oxford Economics report, tight budgets continue to be the largest barrier for improved cyber security.

The report also found that the rising cost of cyber insurance premiums is one of the biggest financial outlays, with 70 percent of businesses noting a rise over the last two years.

This is not the first time that the issue of cyber insurance has been flagged.

In August 2022 for example Lloyd’s of London defended its move to limit systemic risk from cyber attacks by requesting that insurance policies have an exemption for nation-state cyber-attacks.

Then in December last year, Mario Greco, chief executive at insurer Zurich, one of Europe’s biggest insurance companies, warned that cyberattacks, rather than natural catastrophes, will soon become “uninsurable”.

Cyber blind spots

But the iomart and Oxford Economics report found that with the cost of remediation and other businesses expenses, such as rising energy costs, stretched budgets are causing blind spots in businesses’ cyber strategies.

The report for example found that only 37 percent of respondents have security embedded into all their business processes and functions, while 14 percent admitted that security is only addressed on an ad hoc or as-needed basis.

Meanwhile during the Covid-19 pandemic, 41 percent of organisations were forced to sacrifice cyber security to keep the lights on.

The report also found that a lack of key skills remains one of the main concerns to tackling rising cyber threats. So much so that 30 percent of cyber staff admit to currently facing burnout.

This pressure also means that less than half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56 percent) and malware (55 percent).

AI saviour?

Despite these challenges, businesses are optimistic about the role of nascent technologies such as AI and ML.

More than a third (38 percent) of businesses believe the use of AI and ML will be a major trend in cyber security over the next two years, particularly to support with email screening (78 percent) and contextual analytics (69 percent).

“Our latest security report with Oxford Economics is a temperature check on the cyber challenges businesses face,” said Lucy Dimes CEO at iomart. “It is clear the threat of cybercrime is rising, but there’s a lack of confidence in organisations’ abilities to protect themselves against it.”

“There are many factors at play that are influencing this, from rising energy costs and increased insurance premiums to skills shortages and staff burnout, which are causing huge challenges for businesses,” said Dimes.

“While this may be the case, there are ways to relieve these pressures, with effective strategies being developed and new technologies such as AI being embraced,” Dimes concluded. “Working alongside trusted partners can also ensure companies have adequate cyber strategies tailored to their business needs and challenges.”

The cyber threat facing UK organisations was clearly underlined by the UK government this year, after Cabinet Office secretary, Oliver Dowden, warned that cybercrime groups linked to Russia are ‘ideologically motivated’ and want to ‘disrupt or destroy’ the UK.