TLDR:
- UK firms are lagging behind in adapting to cyber security threats
- Medium-sized companies are falling short in terms of cyber security readiness
In a recent article by ITPro, it was highlighted that UK businesses are slow to invest in cyber security capabilities, with medium-sized companies exhibiting particularly concerning trends. According to industry expert Andy Kays, CEO of Socura, a government-led survey revealed that while large firms typically have a strong cyber security posture, medium-sized companies are not prioritizing cyber security or making changes to their security posture at a sufficient pace.
The survey, titled Cyber Security Longitudinal Survey, found that three-quarters of medium and large businesses in the UK experienced a security incident in the past year, raising worries about their ability to handle escalating threats. Key findings included:
- Only 60% of businesses have a written procedure for responding to cyber security incidents
- Just half of the businesses tested incident response policies within the last 12 months
- Only a third of medium businesses adhere to a standard or accreditation related to cyber security
The study also noted that smaller businesses are focusing more on reactive measures rather than proactive efforts to bolster security, which could pose a significant obstacle for future cyber security initiatives. Larger businesses, on the other hand, have shown better performance in terms of security readiness, with a higher percentage adhering to cyber security standards and improving preventative capabilities.
Experts like William Wright, CEO of Closed Door Security, emphasized the importance of integrating cyber security into organizational decision-making processes, rather than treating it as solely an IT issue. The data underscores the need for businesses to prioritize cyber security and implement proactive measures to mitigate risks and enhance resilience against cyber threats.