Expel reveals UK cybersecurity challenges

Expel has published the findings of its recent research report, providing insight into the obstacles facing UK cybersecurity teams.

The report, ‘The UK cybersecurity landscape: challenges and opportunities” is based on research gathered from 500 IT decision makers (ITDMs) in the UK across businesses of different sizes and sectors, including financial services, technology, healthcare and government.

Despite the UK’s current economic challenges, cybersecurity was revealed to remain a ‘critical concern’ for organisations with 50 per cent of respondents highlighting it as a significant challenge for 2023, behind only energy prices (61 per cent) and the economic climate (54 per cent).

Regarding specific cybersecurity challenges, respondents named multiple familiar threats. Malware concerned the most respondents (43 per cent), followed by ransomware (38 per cent) phishing (38 per cent), and business email compromise (BEC—25 per cent). Only 14 per cent identified nation-state activity as a concern.

The report found that many IT teams sense a ‘breaking point’, with team members experiencing burnout and a negative impact on their work/life balance when they regularly miss personal commitments because of cybersecurity risk. In fact, 93 per cent of respondents reported experiencing this. 34 per cent of the total said missing personal commitments happens all or most of the time, as did 43 per cent of IT team members and 38 per cent of CIOs/CTOs.

More than half (52 per cent) of those surveyed agreed that their team spends too much time dealing with unnecessary cybersecurity notifications.

When asked, ‘How likely or unlikely do you think it is that you or members of your IT/cybersecurity team will leave the cybersecurity industry due to burnout in the next 12 months?’, 52 per cent of IT decision makers responded ‘likely’ or ‘very likely.’

ITDMs surveyed report a median annual security budget of £200,000. The survey found that, on average, 26.7 per cent of allocated security budgets — £53,400 per company surveyed— was unused in 2022. 21 per cent of respondents reported spending just half, or less, of their budgets.

Expel said many businesses appear to be taking a reactive, rather than proactive, approach to cybersecurity investment. Mandatory regulation and responding to a breach they’ve experienced drive the most investment at 38 per cent and 32 per cent, respectively.

Chris Waynforth, general manager & VP international at Expel said that the report confirms ‘much of what ITDMs already know’.

“Even though cybersecurity concerns many UK businesses, they’re struggling to figure out how and where to invest in solutions,” he said. “Organisations looking to maximise their investments get the best results when engaged leadership sees security budget as a business enabler rather than a cost centre.

“While this data may seem dire, we’re optimistic. Our research illustrates how a change in mindset and attention towards key areas of investment can provide useful guidance for those looking to improve security strategies and efficiencies, this year and beyond.”