UK leads world in critical cyber attacks but risks recovery gap
Research by Commvault has found that the UK reports the highest frequency of business-critical cyber incidents globally, with 93% of organisations surveyed having experienced such an event.
The study, conducted in collaboration with GigaOm, examined how enterprise organisations across different countries are managing the risks and realities of cyber incidents affecting their data systems and digital infrastructure. For the purposes of this research, a cyber incident was defined as any event that negatively impacts the security of an organisation's digital assets, including security breaches and ransomware attacks.
The findings reveal that only 7% of UK businesses surveyed stated they had never been affected by a business-critical incident, in contrast to 14% of companies in other regions. Of those affected, 57% saw incidents occur in the past 18 months, underscoring the persistence and immediacy of cyber threats facing the UK's enterprise sector.
Preparedness concerns
Despite the frequency of these incidents, the research indicates that UK businesses are not as prepared for recovery as their international peers. The data shows that UK organisations are 21% less likely to have a dedicated recovery environment in place to facilitate business continuity following an incident. Additionally, they are 11% less likely to have tested their recovery plans in the last month compared to their counterparts in other countries. Both of these measures are widely regarded as essential elements of an effective cyber resilience strategy.
The lack of preparation raises concerns about the ability of UK businesses to maintain operations after a cyberattack. The findings suggest a potential disconnect between preparing response strategies on paper and practical, real-world readiness to restore business functions when under threat.
Challenges to resilience
The survey explored barriers preventing companies from achieving what the research refers to as "Minimum Viability Company" (MVC) status. This concept focuses on the ability to resume core operations quickly after an attack, particularly against the backdrop of increasingly sophisticated tactics employed by cybercriminals, such as planting malware within backups or creating dormant ransomware that activates post-restoration.
According to respondents, the largest challenge in reaching minimum viability is the complexity of existing IT systems and applications, with 52% citing this as a barrier. The second most significant issue, noted by 47%, is the difficulty of maintaining up-to-date recovery plans that align with evolving business requirements. Furthermore, 30% of organisations acknowledged problems in distinguishing between truly essential 'core' systems and broader, less critical operations, which complicates recovery processes.
Steps towards resilience
Despite these challenges, the survey revealed some positive indicators. Sixty-five percent of UK businesses reported having an inventory of business-critical systems and their dependencies, and 61% have established clear runbooks, roles, and processes for incident response. These numbers are ahead of the global averages of 50% and 41%, respectively, suggesting that UK organisations are putting effort into structuring their response strategies and documenting key processes.
However, the research suggests that these preparation steps are not yet translating into overall readiness to recover, as demonstrated by the lower likelihood of having dedicated recovery environments and regularly tested recovery plans.
When asked about the importance of achieving minimum viability, only 36% of UK organisations strongly agreed that this should be a top priority for their business, indicating some uncertainty or lack of alignment on recovery strategy at the organisational level.
Industry perspectives
"With the threat landscape evolving, business recovery is now a key concern at the board level. However, this research identifies critical gaps many organisations in the UK face as they rapidly try to advance their cyber resilience strategies. Having a tested recovery plan in place and a dedicated recovery environment in the cloud can make all the difference between chaos and continuous business," says Richard Gadd, Senior Vice President, EMEA, Commvault.
Howard Holton, Chief Operating Officer, GigaOm, added his perspective on required leadership action in response to the findings.
"Business-scale cyberattacks are now the norm, not the exception. If complexity is killing efforts to prepare for recovery, executive leaders need to assume control and set business-level priorities, so they can keep the organisation running after an attack."
Survey details
The research was based on responses from 1,000 senior decision makers globally, including a sample of 100 from the UK, working in companies with more than 1,000 employees across a variety of industries. Respondents included those with direct involvement in setting, purchasing, or using solutions for improving business resilience and operational recovery following cyber incidents.
