SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
UK organisations vulnerable to 48% of cyber attacks, Tenable research reveals
Tue, 31st Oct 2023

New research from cybersecurity firms Tenable and Forrester has unveiled alarming vulnerabilities within UK organisations, revealing that they are susceptible to nearly half of all cyber attacks. Of the cyberattacks that UK organisations have experienced in the last two years, 48% were successful, according to the study released on October 30, 2023.

The survey, commissioned by Tenable and conducted by Forrester Consulting, indicates a dire situation exacerbated by a disconnect between leadership and cybersecurity teams. Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, stressed, "While reducing cyber risks has to be the priority, it seems easier said than done. Our study confirms that security teams are being overwhelmed by the sheer volume of cyberattacks they have to react to."

The study underlines that UK organisations are "firefighting" cyber issues rather than proactively preventing them. Nearly two-thirds of respondents (65%) believe that their organisation would be more adept at defending against cyber attacks if it devoted more resources to preventive cybersecurity. But the harsh reality is that six in 10 respondents say their cybersecurity teams are too preoccupied with addressing immediate threats to focus on a preventive strategy.

This reactive posture is compounded by poor internal communication at the executive level. Astonishingly, nearly one in three business leaders meet to discuss cyber systems either once a year or not at all. "Something has to change to stem the tide of successful attacks. Security leadership needs to be involved in high-end business decision-making. Only then can the organisation hope to reduce its risks and take steps to address the challenges standing in the way," Montel added.

The research also highlighted specific concerns about the risks associated with cloud infrastructure. Over two-thirds of respondents (67%) cite cloud infrastructure as one of the highest areas of risk exposure. The complexities introduced by multi-cloud and hybrid cloud environments make it increasingly difficult for cybersecurity teams to manage identities, access, and entitlement data.

Furthermore, poor data hygiene is obstructing effective cybersecurity measures. More than half of respondents (56%) stated that a lack of data quality prevents them from gathering meaningful information from user privilege and access management systems. While most respondents consider user identity and access when prioritising vulnerabilities, nearly half (46%) lack an effective means of incorporating such data into preventive strategies.

With the escalating complexity of potential attack surfaces and the industrialisation of hacking through AI-enabled attacks, UK organisations are on the brink of being overwhelmed to the point of collapse. As cyber threats continue to evolve, the gap between C-suite leaders and cyber teams is widening, putting UK infrastructure at serious risk.

According to Gavin Millard, Deputy CTO of Tenable, immediate action is critical to safeguard the integrity of UK infrastructure. Teams "must act now or risk losing the race to hackers intent on crippling their infrastructure and stealing mission-critical data," he warned. Given the current climate, UK organisations must pivot from a reactive approach to a more proactive strategy to fortify their defences against cyber threats.