LONDON--(BUSINESS WIRE)--Cyberattacks are hammering businesses of all sizes and sectors across the UK, with just a fraction of those prepared to defend against them, according to new research by Keeper Security. The 2022 Cybersecurity Census Report reveals that companies are suffering severe organisational, financial and reputational damage. Yet, despite IT leaders expecting this onslaught to intensify over the next year, preparation is lacking, with only a minority of organisations feeling ready to face the threats.
The report found that the average UK business experiences 44 cyberattacks per year—more than three every month—and almost one in five (17%) are subjected to over 501 attacks in a single year. This equates to approximately two cyberattacks every working day. While only around two of those cyberattacks are successful each year, IT leaders fear the frequency of attacks will intensify, with 46% expecting both the total number of attacks and the number of successful attacks to increase over the next year.
Cyberattacks are causing businesses significant harm
Successful cyberattacks have the potential to bring businesses of all sizes to a standstill. Alarmingly, just 26% of respondents consider their business very prepared to defend against them.
- Over one third (35%) of victims of a cyberattack report disruption to trading, such as being unable to carry out business operations
- Over one third (34%) experienced reputational damage due to an attack
- 31% of both larger (over 1,000 employees) and smaller (fewer than 1,000 employees) businesses experienced theft of financial information from a successful cyberattack
More than a fifth (22%) of businesses experienced theft of money—with the financial disruption totalling more than £100,000 on average. Considering the current macroeconomic uncertainty in the UK, and the fact that the average UK SME makes just £11,000 in profits per year, such financial losses can be terminal.
Cybersecurity Investments and Tools
The rise of hybrid and remote work is widening the gap between what’s necessary to secure organisations and what’s available, with shortfalls in cybersecurity investment leaving businesses exposed.
Visibility of system users, password strength and permissions are baseline necessities regardless of business size or sector, yet IT leaders admit their tech stacks lack essential tools:
- Over one-third of respondents (35%) lack a manager for IT secrets such as API keys, database passwords and credentials
- Almost nine in ten (87%) highlight concerns about the dangers of hard-coded credentials—embedding authentication data such as user IDs and passwords directly into source code
- 29% lack a connections manager to help manage remote access to privileged infrastructures
IT leaders acknowledge their current security measures have identifiable weak points, and passwords and credentials are particular areas that require urgent investment. Despite this, almost one-third (32%) state they leave it entirely to employees to set their own passwords, with access often shared as needed.
“The cybersecurity landscape is complex, with ever-changing risks and shifting priorities to manage. However, the research shows that organisations could and should be doing more,” said Darren Guccione, CEO & co-founder of Keeper Security. “While many organisations consider future investments, they face being outmatched by rising external threats and the demands created by existing weaknesses.”
Cybersecurity in Company Culture
Despite budgetary commitments and a prioritisation of cybersecurity from the C-suite, IT leaders themselves admit to a concerning lack of transparency in the reporting of cyberattacks. Over half (55%) state they have been aware of a cyberattack and not reported it to any relevant authority. In addition, 80% of IT professionals are concerned about a breach from within their own organisation. These figures should be a red flag to business leaders, as without a culture of trust, accountability, and responsiveness, cybercrime will thrive.
Guccione concludes: “Although there have been small steps from UK businesses in prioritising cybersecurity, clear gaps remain. The volume and pace at which threats are hitting businesses is increasing, and leadership cannot afford to wait. As we move forward, businesses and IT leaders must not only voice commitments to cybersecurity, but act on them. They need to acknowledge how our workplaces have evolved and respond to new ways of protecting their employees, their data, and their livelihoods.”
+++ ENDS +++
About Keeper Security Inc.
Keeper Security, Inc. ("Keeper") is transforming the way organisations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyberattacks while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organisations for password management, secrets management, privileged access, secure remote infrastructure access and encrypted messaging.
Keeper's products are the highest-rated in the industry across G2, Trustpilot, PCMag and U.S. News & World Report. For the last several years, Keeper has received several InfoSec Awards from Cyber Defense Magazine for its cybersecurity enterprise software. Keeper is SOC 2 certified, ISO 27001 certified, FIPS 140-2 validated, and FedRAMP Authorised. Keeper is backed by Insight Partners, a leading venture capital and private equity firm with $90b AUM.