2022 Cybersecurity Census Report reveals lack of preparedness against rising cyberattacks

Almost one in five (17%) UK businesses are subjected to approximately two cyberattacks every working day.

Cyberattacks are hammering businesses of all sizes and sectors across the UK, with just a fraction of those prepared to defend against them, according to new research by Keeper Security. The 2022 Cybersecurity Census Report reveals that companies are suffering severe organisational, financial and reputational damage. Yet, despite IT leaders expecting this onslaught to intensify over the next year, preparation is lacking, with only a minority of organisations feeling ready to face the threats.

The report found that the average UK business experiences 44 cyberattacks per year—more than three every month—and almost one in five (17%) are subjected to over 501 attacks in a single year. This calculates to approximately two cyberattacks every working day. While only around two of those cyberattacks are successful each year, IT leaders fear the frequency of attacks will intensify, with 46% expecting both the total number of attacks and number of successful attacks to increase over the next year.

Cyberattacks are causing businesses significant harm

Successful cyberattacks have the potential to bring businesses of all sizes to a standstill. Alarmingly, just 26% of respondents consider their business very prepared to defend against them.

Over one third (35%) of victims of a cyberattack report disruption to trading, such as the ability to carry out business operations

Over one third (34%) experienced reputational damage due to an attack

31% of both larger (over 1,000 employees) and smaller (fewer than 1,000 employees) businesses experienced theft of financial information from a successful cyberattack

More than a fifth (22%) of businesses experienced theft of money—with the financial disruption totalling more than £100,000 on average. Considering the current macroeconomic uncertainty in the UK, and the fact that the average UK SME makes just £11,000 in profits per year, such financial losses can be terminal.

Cybersecurity Investments and Tools

The rise of hybrid and remote work is widening the gap between what’s necessary to secure organisations and what’s available, with shortfalls in cybersecurity investment leaving businesses exposed.

Visibility of system users, password strength and permissions are baseline necessities regardless of business size or sector, yet IT leaders admit their tech stacks lack essential tools:

Over one-third of respondents (35%) lack a manager for IT secrets such as API keys, database passwords and credentials

Almost nine in ten (87%) highlight concerns about the dangers of hard-coded credentials—embedding authentication data such as user IDs and passwords directly into source code

29% lack a connections manager to help manage remote access to privileged infrastructures

IT leaders acknowledge their current security measures have identifiable weak points, and passwords and credentials are particular areas that require urgent investment. Despite this, almost one-third (32%) state they leave it entirely to employees to set their own passwords, with access often shared as needed.

“The cybersecurity landscape is complex, with ever-changing risks and shifting priorities to manage. However, the research shows that organisations could and should be doing more,” said Darren Guccione, CEO & co-founder of Keeper Security. “While many organisations consider future investments, they face being outmatched by rising external threats and the demands created by existing weaknesses.”

Cybersecurity in Company Culture

Despite budgetary commitments and a prioritisation of cybersecurity from the C-suite, IT leaders themselves admit to a concerning lack of transparency in the reporting of cyberattacks. Over half (55%) state they have been aware of a cyberattack and not reported it to any relevant authority. In addition, 80% of IT professionals are concerned about a breach from within their own organisation. These figures should be a red flag to business leaders, as without a culture of trust, accountability, and responsiveness, cybercrime will thrive.

Guccione concludes: “Although there have been small steps from UK businesses in prioritising cybersecurity, clear gaps remain. The volume and pace at which threats are hitting businesses is increasing, and leadership cannot afford to wait. As we move forward, businesses and IT leaders must not only voice commitments to cybersecurity, but act on them. They need to acknowledge how our workplaces have evolved and respond to new ways of protecting their employees, their data, and their livelihoods.”

The partnership will enable Armadillo’s customers to maintain strong encryption standards, whilst mitigating against malicious activity hidden within encrypted network traffic.
New partnership will allow stor.ai to offer grocers Web Application Firewall (WAF) capabilities to secure e-commerce platforms and prevent cyber attacks quickly and seamlessly.
Majority of employees still rely on username and password authentication.
Illumio, Inc., the Zero Trust Segmentation company, has introduced Illumio Endpoint®, a reimagined way to prevent breaches from spreading to clouds and data centers from laptops.
According to new Venafi research, complexity due to increase, as companies plan to host more than half their applications in the cloud.
Focused on bringing ease of use to IT security automation, ThreatQ TDR Orchestrator addresses industry needs for simpler implementation and more efficient operations.
Although progress has been made, organisations are still paying out.
New research from Forcepoint exposes how CNI cybersecurity professionals need greater support to prevent burnout from the pressure of securing high-threat, high-complexity environments.