20 January 2022

A quarter of UK companies don’t spend enough on cybersecurity despite high number of successful cyberattacks

Despite the well-documented cyberthreat landscape, a quarter (24%) of UK businesses admit they are not spending enough on cybersecurity measures, according to Kaspersky’s latest report. With four in five (82%) UK companies confessing that that they have fallen victim to a cyberattack, the report titled: ‘Must-have cybersecurity insights for proactive business decisionmakers’, reveals a mismatch between cybersecurity budget and business risk.

The report reveals that 64% of UK businesses recognise that they need to be more proactive in strengthening their cybersecurity measures, but don’t know how. This comes at a concerning time for the business community, as 62% of UK companies say that they find it difficult to monitor possible risks or breaches as the use of personal devices increases amid ongoing remote and hybrid working measures.

Cyberattacks on companies of all sizes are an increasingly dangerous threat and concern for business decision makers. The most common cyberattacks suffered by businesses are email attacks (29%), malware attacks (26%), spyware attacks (24%) and ransomware attacks (18%).

Interestingly, however, email attacks concern businesses the least with spyware and ransomware top of the agenda for decision makers. Indeed, two thirds (65%) of business decision makers surveyed say that they are concerned about the threat of cybersecurity attacks – especially when it comes to the following attack vectors:

Spyware: 69%
Ransomware: 68%
Malware: 68%
Targeted attack (on organisation or industry): 67%
Email: 65%

“Whether its employees’ faults, email attacks or the increasing complexities of IT infrastructure, our survey shows very clear pain points that companies – SMBs as well as enterprises – have to address. These include sophisticated security solutions (more than endpoint protection), better threat intelligence and more investment in awareness building within their staff.

“The best option is to choose one cybersecurity partner who can offer both technology and human expertise to get visibility into everything that’s going on within your network for comprehensive protection. In a nutshell, companies can do better at reacting properly to current and future cyberthreats,” said Chris Hurst, General Manager at Kaspersky UK&I.

Kaspersky advice for business decisionmakers

At enterprise level, SOCs and SIEM integration increases the level of security; for SMBs the easiest way to face today’s IT security challenges is to enlist external and trusted IT security expertise. To help business decisionmakers put the right measures in place, Kaspersky provides the following advice:

Use dedicated and effective endpoint protection, threat detection and response products to timely detect and remediate even new and evasive threats. Kaspersky Optimum Framework includes comprehensive endpoint protection, empowered with Endpoint Detection Response and Manager Detection Response (EDR and MDR) solutions
Provide your SOC team with access to the latest automated threat intelligence and regularly upskill them with professional training
Provide staff with basic cybersecurity hygiene training as many targeted attacks start with phishing or other social engineering techniques
Integration of human expertise and technology is key. If you get both from one trusted partner which is integrated and partly automated, companies can get enterprise-wide visibility which saves them time and increases efficiency. This frees up the security team’s time to work on more important matters

The full Kaspersky report, ‘Must-have cybersecurity insights for proactive business decisionmakers’, is available here, and includes a checklist for business decisionmakers on how they can optimise their cyber-protection, step-by-step.