Inconsistent cyber defences mean less than a fifth of UK organisations are effectively stopping cyber attacks
Hackers are having more success in the UK than other countries, according to research from Accenture which reveals that UK organisations need more consistent cyber defences. Almost one fifth of attempted targeted cyber attacks in the UK successfully breach security, compared with just over a tenth as the global average.
Accenture’s State of Cyber Resilience report paints a mixed picture of the UK’s cyber security defences. Whilst UK organisations have quick reactions to spotting security breaches in less than a day compared to the global average (46% vs. 34%), there are some vulnerabilities that continue to make them more susceptible to attack. Less than a fifth of UK organisations (18%) are effectively stopping cyber attacks and fixing breaches fast enough to lower their impact – a notably lower percentage of ‘cyber security leaders’ than the US (27%), Singapore (27%) and Italy (22%).
The news comes as businesses are under increased pressure to support remote and digital environments, leading to a higher risk of attack during the current COVID-19 pandemic. Malicious threat actors are taking advantage as organisations reconfigure their supply chains, offer more digital experiences, and meet the demands of a remote workforce. According to Accenture iDefense, more than 16,000 coronavirus-related domains have been registered since January 2020, which are reportedly 50% more likely to be fraudulent than others.
The findings point to a more isolated approach to cyber security as one reason for the UK’s vulnerability. Thirty-eight percent of security breaches in the UK are a result of indirect attacks through the partner ecosystem, however UK businesses’ approach is less collaborative than global peers. Only 4 in 10 UK businesses collaborate with strategic partners to test their cybersecurity resilience compared to almost half globally. They’re also less likely to share knowledge of threats with strategic partners (44% vs. 48%) and the security community within an industry (39% vs. 46%).
Additionally, there’s evidence to suggest that UK businesses are not making the most of the tools available. Over half of global companies (51%) are scaling new security tools across their business, compared to more than two-fifths (43%) in the UK.
Whilst innovation is important, sustaining investments to perform better at the basics is key too. Yet in the UK this is getting less attention, receiving 35% of the budget allocation compared to 39% globally.
Nick Taylor, Security Lead for Accenture UK & Ireland, said: “Our research has uncovered some fundamental vulnerabilities still plaguing UK organisations. These must be addressed now, particularly as the COVID-19 crisis is putting pressure on security teams. Increased remote working will likely become business as usual, requiring teams to scale the security measures they may have temporarily put in place. Resilience teams will also need to build continuity into every operation, and with budgets tighter than ever, they will have to invest wisely and make the most of the tools available. Trying to go it alone and neglecting the basics as we enter this never normal era puts UK businesses at risk of falling behind.”
On a more positive note, UK businesses are ahead in spotting breaches, as well as fixing breaches in less than 15 days (53% vs. 47%). In addition, threat actors don’t seem to do as much damage in the UK compared to globally, with 35% of breaches having no impact versus 32% on average worldwide.
“It’s encouraging to see that the UK is ahead when it comes to its resilience, but a more consistent approach is needed,” Taylor continued. “If UK businesses take steps to improve their proactive approach and prevent attacks occurring in the first place, by making a concerted effort to collaborate and train further, then there is no reason why the country could not soon set the standard globally for cybersecurity.”
Accenture’s State of Cyber Resilience report identified three qualities that make successful cyber security leaders:
- Invest for operational speed: Prioritise technology that focuses on faster detection, response and recovery. Leaders rank Artificial Intelligence (AI) and Security Orchestration Automation and Response (SOAR) technologies highest.
- Drive value from new investments: Scale, train and collaborate more to see value from new technologies. Organisations best at collaborating are 2X better than the rest at defending attacks.
- Sustain what you have: Maintain existing investments to perform better at the ‘basics’. Leaders focus more of their budget allocations on looking after what they already have, compared with the non-leaders who place more emphasis on piloting and scaling new capabilities.