Almost half of UK businesses don’t feel they have the internal skills to deal with cyber threats, according to new research from business continuity and disaster recovery provider Databarracks.
The findings are part of the company’s seventh Data Health check report.
The survey questioned more than 400 IT decision makers about their IT, security and business continuity practices over the last year, and what they expect to change in the next 12 months.
Only 53 per cent of organisations surveyed felt confident in the abilities of staff to tackle potential cyber threats against the business. This figure was unchanged from 2016.
The study also found that 61 per cent of organisations have reviewed their security policies in the last 12 months in response to a cyber threat. Despite this, 41 per cent decided not to invest in any safeguards during the same period.
The research also uncovered that viruses (44 per cent), spyware (30 per cent), ransomware (29 per cent) and phishing attacks (26 per cent) were the biggest cyber-attacks to impact businesses in the last year.
“Unfortunately, we are in the midst of an arms race against cyber criminals,” Databarracks managing director Peter Groucutt said.
“Threats are becoming more frequent and more sophisticated. Organisations are desperately trying to address this by improving preventative measures and investing in education for staff, but as the evidence from the research shows, this is in fact doing little to improve confidence.
“While undoubtedly this is a major concern for organisations, it’s important to recognise that the simple steps we take to better equip staff to address threats do have a real effect.”
Groucutt stressed that continually investing in cyber awareness training is crucial, given that phishing and whaling attacks – which are focused on people not technology – remain one of the biggest threats to a business.
“Over the past year we have seen businesses investing in cyber awareness training increase from 26 per cent to 34 per cent and next year we want to see this grow further,” he said.
He also emphasised that the key to improving digital skills confidence among staff is more about regularity and consistency than a single grand gesture.
“It’s about embedding a culture of security, driven from the top-down and horizontally regarded as a critical priority. Old norms must be challenged, ingrained responses and established processes must be shifted, for everyone.
“Directors must attend training sessions alongside new starters, and a culture of vigilance, transparency and accountability promoted at all levels, and within all teams.”
Groucutt added that, in parallel to awareness training, there should also be a corresponding tightening of information controls where needed.