Businesses expect cyber threats to rise, but aren’t ready for them

AI security shield
(Image credit: Shutterstock / ArmadilloPhotograp)

It’s no secret that cyber-attacks are becoming increasingly sophisticated, while simultaneously growing in number and volume. Research from the Business Continuity Institute reports that cyber threats have increased in severity over the past year, with 75% of respondents reporting a rise in attempted breaches and 39.4% falling victim to a successful cyber-attack.

And this worrying trend is only expected to rise. In fact, our own research shows that a staggering 70% of UK business leaders expect their organizations to be hit by a cyberattack within the next year.

But, despite these concerns for the near future, the same study shows that only 35% of those leaders believe they are adequately prepared to handle such an incident. Clearly, there is a significant disconnect between the perceived risk of cyber threats and the level of preparedness among the nation’s businesses.

So, as the digital threat landscape continues to evolve, UK businesses find themselves in an increasingly delicate position when it comes to cybersecurity. The growing number of incidents facing modern companies is well documented in today’s headlines, leaving organizations in no doubt that this is a serious issue that every business should have near the top of their agendas.

In this landscape, how can companies become more confident in their ability to defend themselves against modern cyber threats?

Christian Reilly

Field CTO, EMEA at Cloudflare.

Rising cyber threats: a reality for UK businesses

The gap between the anticipated risks of cyberattacks and the preparedness of businesses to address them speaks volumes about the current state of cybersecurity in the UK.

This discrepancy isn’t a question of ignorance but of confidence – or the lack thereof. With almost half (48%) of UK organizations reporting a cybersecurity incident in the past year according to our data, the threat is very real, and the same research reveals that the UK now holds the unfortunate title of being the most targeted country in Europe. And still, only one in three business leaders feel they have the necessary defenses in place. This points to a critical issue: while awareness is growing, true preparedness remains worryingly low.

That’s despite the real-life ramifications that can be expected when a business suffers a breach.

Not only could an incident have serious consequences for the business itself, but it could also have a negative impact on your employees and customers. Whether it’s financial losses, regulatory penalties or reputational damage, the stakes are high when it comes to having a lack of robust defense mechanisms. For example, in September 2023, MGM Resorts International suffered a devastating ransomware attack that cost the company an estimated $100 million – equivalent to roughly £76 million. A cyber-attack is a devastating blow to any company – but there are lessons to be learned when an incident like this makes the headlines.

Learning from experience

What stands out from the Cloudflare data is that sectors with higher attack frequencies, such as IT and technology, report feeling more prepared for future incidents. This is logical – experience breeds resilience. This confidence also likely stems from the sectors' early adoption of advanced cybersecurity tools and practices, equipping them to handle the evolving threat landscape.

SolarWinds is a great example of a business that took significant steps to overhaul its security practices after a breach – and come out stronger. The company enhanced its software development process with its Secure by Design principle, adopted a Zero Trust architecture, and increased transparency by openly communicating with customers and regulators. SolarWinds also collaborated with cybersecurity experts to continuously improve their defences, while contributing to industry-wide efforts to bolster software supply chain security. These actions helped the company recover, educate the wider sector and become more resilient against future cyber threats.

But while the IT and tech sectors are more prepared for such an incident, others are lagging behind. Industries like education and healthcare, which have faced fewer attacks in the last 12 months, display a shocking level of complacency. With our data showing that only 19% and 18% of these sectors feeling prepared for an attack, one has to wonder: are they playing a dangerous waiting game?

Just because businesses have been lucky enough to avoid an attack so far, it doesn’t make them immune in the future. And the industries that have yet to face a cyberattack are worryingly underprepared. A report from Microsoft and Goldsmiths, University of London has found that just 13% of UK businesses are resilient to cyberattacks, with 48% deemed vulnerable and the remaining 39% facing high risk. Given the sensitive nature of the data handled in industries like healthcare, a significant cyberattack could have devastating consequences. And as cyber threats become more sophisticated and frequent, hope is not a strategy.

Cybersecurity as a catalyst for business modernization

Despite the challenges posed by the growing threat of cyberattacks, there is a positive shift in how business leaders are approaching cybersecurity. Our research shows that over two-fifths (44%) see it as a driving force for modernization and the same amount consider it a key to getting boards to invest in essential projects.

According to a report by Aviva, attitudes towards cyber security are shifting, with more businesses recognizing the importance of robust defenses against potential threats. The company’s data shows that worries over cyber-attacks have risen from 40% to 57% since 2020.

This evolving perspective is encouraging, as it suggests organizations are recognizing the strategic value of strong cybersecurity measures. It highlights a recognition that robust defenses can offer more than just protection – driving innovation, streamlining operations and enhancing overall efficiency, as well as offering opportunities for operational improvements and data protection. This forward-thinking approach turns cybersecurity from a defensive necessity into a strategic advantage.

By embedding cybersecurity into top-level decision-making rather than treating it as an afterthought, businesses are positioning themselves to thrive in an increasingly digital world.

The need for proactive cybersecurity measures

In an era where digital risks are evolving rapidly, businesses must invest not just in advanced technologies but in fostering a culture where cybersecurity is treated as a strategic priority. Simplified, consolidated solutions are key, but without the right mindset and a commitment to continuous improvement across the whole organization, they will fall short.

Every company, regardless of its industry, must recognize the evolving threat landscape and take proactive steps to mitigate the risks. It’s time for every business to acknowledge that preparedness is more than just a checklist; it’s a mission-critical element of modern business strategy. Instead of being a reactive measure dusted off after a breach occurs, cybersecurity should be considered a proactive, central part of every organisation’s future-proofing plan. UK businesses are waking up to the reality of cyber threats – now they must ensure they are ready to face them head-on.

We've rated the best identity management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Field CTO, EMEA at connectivity cloud company, Cloudflare.