UK organisations lack cyber resilience, claims e2e-assure study
A recent study by threat detection and response provider e2e-assure has unveiled concerning cyber resilience statistics.
The report, titled 'Rejuvenating Cyber Defence Strategies', unveiled that whilst 75% of Chief Information Security Officers (CISOs) and cyber security decision-makers have suffered a cyber attack, a mere 22% would describe their organisation as resilient.
Furthermore, the report found that 42% of organisations identified their cyber security operation's performance as under-par, whether in-house or outsourced. Mid-sized companies, although more frequently outsourcing their cyber operations (at a rate of 57%), fared the worst compared to larger enterprises. 47% of mid-sized companies reported their provider's performance as inadequate, compared to 37% of larger enterprises.
Substantial discrepancies exist in the treatment of mid-sized companies compared to larger enterprises. The report found that 62% of mid-market companies did not have flexible contracts, compared to less than half (46%) of enterprises. Also, 66% of mid-market companies were not offered transparent pricing by their provider, compared to 44% of larger organisations.
The shortcomings extend to a lack of personalisation for mid-sized organisations. The findings show that 57% of these are less likely to have client-centric delivery teams in comparison with their larger counterparts. Over half (58%) of mid-size organisations stated they were not benefiting from tooling tailored to their specific business needs, a concern of 50% of larger enterprises.
Rob Demain, CEO of e2e-assure, notes that mid-sized organisations are the primary users of outsourcing services in their study. However, most of these organisations are dissatisfied with their current support. This highlights a clear requirement for transforming cybersecurity providers' services and pricing strategies to better assist mid-sized companies in enhancing their security measures against breaches.
Demain comments: "With mid-sized organisations the most prominent outsourcers in our study, but with the majority stating that they are unhappy with their current support, it is clear that there is an integral need for a shift in both the service and commercial offerings from cyber security providers to support mid-sized companies better to protect themselves against breaches."
Despite current circumstances, nearly a third (29%) of mid-sized companies have said they will turn to outsourced providers in future, signalling that cyber security professionals are seeking more assistance rather than scaling back on support.
The report identified five key themes necessary for rejuvenating cyber defence in 2024: value proof from providers, more control for security teams to trusted providers, more commercially flexible contracts, flexible service and tooling for organisations, and quality cyber defence must become more accessible to organisations of all sizes.
The research for 'Rejuvenating Cyber Defence Strategies' surveyed 506 CISOs and cyber security decision-makers from companies with employee sizes ranging from 500 to 5,000.
The findings not only cast a spotlight on the current struggles faced by mid-sized companies to fend off cyber threats but also highlight the urgent need for a change in how cyber security providers offer and deliver their services to protect UK businesses in the future.