90% of cyberattacks can be avoided

Despite many businesses citing cybersecurity as top priority, senior leaders are more likely to invest in it only after suffering a damaging attack.

Tanium has released new research, “Cybersecurity: Prevention Is Better than the Cure.” The study reveals the amount of time and resources organisations spend on reactive versus preventative cybersecurity measures and the rationale behind their decisions.



The study surveyed UK-based IT decision makers across a variety of industries including public sector, financial services, healthcare, and retail. The most notable finding was that 90 percent of Director level respondents whose organisations have experienced a cyber breach agreed most cyber attacks were avoidable. Despite this awareness, the study shows that IT teams neglect to implement preventative cybersecurity measures for reasons such as a shortage of technical skills and budget-allocation delays from boards of directors.



“Many organisations focus too much on cybersecurity point solutions like antivirus, rather than adopting a holistic, data-driven approach to prevention,” said Oliver Cronk, chief architect, EMEA, at Tanium. “As our research shows, many damaging security incidents - even those resulting from more sophisticated attack vectors - could have been prevented. In fact, more than half of the breaches we see could have been avoided by maintaining baseline cyber-hygiene standards. The current situation is the equivalent of leaving your front door and windows open and only locking them after a burglary has taken place.”



Key findings include:



Most damaging cyber attacks suffered by UK organisations are preventable.



· The 90 percent of Director level respondents agree that ‘the majority of cyberattacks that we have experienced within our organisation have been in some way avoidable’.


· 86 percent of organisations compromised by a breach in the last six months believed that more investment in preventative measures (such as tools or staff training), would have minimised incidents.


· 92 percent of organisations surveyed have experienced a breach at some point in the past, 82 percent within the last 24 months, and 73 percent in the last 12 months.



Boards only approve new cybersecurity funding after incident has occurred.



· 80 percent of C-suite decision makers believe the risk of cyber threats is increasing and expect 2022 to be the worst year yet in terms of the number of attacks.


· For IT decision makers that experienced a cyber attack in the last six months, 86 percent feel that senior leadership is likely to invest in cybersecurity only after suffering an attack; 75 percent state that “some cybersecurity incidents needed to happen” in order to get increased investment from leadership.


· Loss of productivity resulting from downtime is cited as the most damaging impact of a cyber attack (56 percent of all respondents).



Preventative approaches are missed opportunities for IT teams.



· Almost seven in ten respondents believe that a predominantly preventative approach to cybersecurity is best (68 percent); a primarily reactive approach is favoured by only 32 percent.


· The skills gap and overwhelmed IT and security teams have caused preventative security measures to take a lower priority. More than half of organisations (55 percent) agree that there is insufficient staff or resources to focus on preventative security measures.


· Larger organisations are more likely to adopt a preventative approach, with 70 percent of organisations with 500+ employees citing prevention as preferable. Sixty percent of organisations with 250-499 employees agreed.


· 85 percent of all respondents surveyed agreed that there is a greater cost to recover from a cybersecurity incident than to prevent one.



A crucial element of preventative strategies is cyber hygiene, which refers to a set of habitual practices that help to secure networks and data. For example, consistent and timely patching is a fundamental element of a sound cybersecurity posture. But to be effective, organisations need to understand where vulnerabilities exist and have the ability to address them quickly and easily. The Tanium platform has these capabilities and others that help organisations strengthen cyber hygiene.

A new report from the Capgemini Research Institute finds that 51% of industrial organizations believe that the number of cyberattacks on smart factories is likely to increase over the next 12 months. Yet nearly half (47%) of manufacturers say cybersecurity in their smart factories is not a C-level concern. According to the Capgemini report, ‘Smart & Secure: Why smart factories need to prioritize cybersecurity’, few manufacturers have mature practices across the critical pillars of cybersecurity. The connected nature of smart factories is exponentially increasing the risks of attacks in the Intelligent Industry era.
New research reveals majority of large businesses can’t replace unsupported hardware, leaving potential vulnerabilities exposed.
With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber-secure workforce and an engaged security culture.
Arcserve has published the first in a series of findings of its annual independent global research study on current experiences and attitudes of IT decision-makers (ITDMs) around data protection and recovery. Key findings from the research show that ransomware attacks continue to impact organisations worldwide with high costs, but they are still largely unprepared. With 50% of respondents targeted with ransomware attacks, the research indicates the critical need for companies to take a new approach to data resilience that fortifies disaster recovery strategies, backup systems, and immutable storage solutions to prevent the loss of mission-critical data.
A survey of WAN managers has revealed that multi-factor authentication and single sign-on are the top zero trust features implemented.
New research shows Log4Shell detections tripled, PowerShell scripts heavily influenced a surge in endpoint attacks, the Emotet botnet came back in a big way and malicious cryptomining activity increased.
Enterprise security solution underpinned by Versa SASE.
Hibernian FC is delighted to announce an innovative multi-year partnership with Acronis, the global leader in cyber protection, and Dunedin IT, one of Scotland's most trusted and experienced technology and connectivity providers providing end-to-end services.