Trend Micro reveals cybersecurity gaps in UK organisations

Today

Trend Micro has unveiled research findings highlighting significant gaps in the cybersecurity practices of UK organisations. According to the study, many companies lack essential resources and leadership commitment required to manage and mitigate risks associated with their digital attack surfaces effectively.

The study surveyed 100 UK cybersecurity leaders from small, medium, and large organisations, as part of a global research initiative. The top three gaps identified in the cybersecurity posture of these organisations are insufficient staffing for round-the-clock coverage, inadequate use of attack surface management techniques, and the limited application of proven regulatory security frameworks.

Only 31% of respondents reported having sufficient staffing to ensure 24x7x365 cybersecurity coverage. Meanwhile, only 32% are utilising attack surface management techniques to measure the risk, and merely 34% rely on established frameworks such as the NIST Cybersecurity Framework to guide their cybersecurity efforts.

A significant portion of the blame for these gaps can be attributed to a lack of leadership and accountability at the highest levels of organisations. Half of the global respondents (48%) believe that their leadership does not consider cybersecurity to be their responsibility, with only 17% strongly disagreeing with this assertion. This sentiment was echoed among UK respondents, who noted a lack of clarity regarding who should hold responsibility for mitigating business risks.

Nearly a third (25%) of UK respondents indicated that their organisational IT teams are responsible for cybersecurity. This ambiguity in reporting lines and responsibility might contribute to the inconsistent approach to cyber risk that over half (54%) of UK respondents observed within their organisations.

"A lack of clear leadership on cybersecurity can have a paralyzing effect on an organisation—leading to reactive, piecemeal and erratic decision making," said Bharat Mistry, Technical Director at Trend Micro. "Companies need CISOs to clearly communicate in terms of business risk to engage their boards. Ideally, they should have a single source of truth across the attack surface from which to share updates with the board, continually monitor risk, and automatically remediate issues for enhanced cyber-resilience."

The need for robust leadership is underscored by the high level of concern among those surveyed. Nearly all (94%) respondents expressed worries about their attack surface. Over one third (36%) are particularly concerned about the capability to discover, assess, and mitigate high-risk areas effectively. Additionally, 16% of respondents indicated they lack a single source of truth from which to manage their cybersecurity efforts.

The research intends to shed light on these critical areas where UK organisations need to improve their cybersecurity strategies. The broader aim is to encourage a more proactive and consistent approach to managing cyber risks, aligned with global regulatory expectations and best practices.

The survey was conducted by Sapio Research in January 2024 and included responses from 2,600 IT decision-makers worldwide, with 100 participants based in the UK.

Share on: