New research has found that UK businesses are ill-equipped to deal with cyberattacks despite 60 per cent experiencing one in the last 12 months. 

Published by the Ponemon Institute and commissioned by Keeper Security, ‘Cybersecurity in the Remote Work Era: A Global Risk Report found that 37% of respondents do not have a cyber incident response plan in place. 

According to the research, 44% of organisations experienced a data breach over the past 12 months. 

The report paints a bleak picture of businesses’ porous cybersecurity defences. Of the 60% of respondents who say their organisations had a cyberattack, 50% say it was a general malware attack (above the global average of 42%) while 47% of say they had a phishing/social engineering attack over the past year (about the same as the average of 48%). 

COVID-19 has caused mass disruption to the way we work, and with this comes a whole wave of new cyber challenges companies cannot afford to ignore. On average, 63% of employees in organisations represented in this research are working remotely.  

Almost one-third (32%) of attacks were caused by compromised or stolen devices. Despite the new concerns that come with working away from the office, more than half (57%) of respondents admit their IT security budget is inadequate for managing and mitigating these cybersecurity risks. Perhaps even more worrying, 60% claim the time to respond to a cyberattack has become longer, with one in five (19%) claiming this had increased ‘significantly’.  

With an average of 63% of employees working remotely having access to critical, sensitive, and proprietary information, businesses are most concerned about a lack of physical security in the worker’s new place of work (48%) and devices becoming infected with malware (34%). 

In the UK, 79% of respondents say there has been an increase in phishing/social engineering attacks since COVID-19 which is much higher when compared against DACH (49%), Benelux (65%), and Scandinavia (53%). 

The UK ranks much lower than European regions for organisations having experienced an attack that specifically leveraged COVID-19 as a threat vector (39%), DACH (52%), Benelux (46%), and Scandinavia (39%). 

The UK (43%) lags in organisations having a policy on the security requirements for teleworkers against DACH (59%), Benelux (51%), and Scandinavia (50%). 

The UK (43%) has faced more attacks involving the compromise of employees’ passwords in the past year against DACH (36%) Benelux (37%), and Scandinavia (42%). 

Darren Guccione, CEO & Co-founder of Keeper Security, said: “The findings revealed today present a worrisome picture of the state of online safety for businesses across the UK and Europe.  

As we enter a prolonged period of remote working, it is critical that businesses feel sufficiently protected from possible cyberattacks. IT security systems are not keeping up with the demands of the new way we work. We commission this annual research with the Ponemon Institute because it is imperative that organisations turn this cybersecurity epidemic around. 

“The good news is there is a solution to ensuring businesses’ data is safe, regardless of where staff are based. Keeper prevents password-related data breaches by creating random, high-strength passwords and providing all employees with a private, encrypted vault for storing all credentials and private data.  

We need to ensure all businesses wake up to the realities of working during this pandemic and prioritise investing in a strong, reliable cybersecurity infrastructure.” 

Larry Ponemonchairman and founder at the Ponemon Institute, said: “COVID-19 and widespread remote working has provided cybercriminals with a new means to attack businesses with greater levels of intensity and frequency.  

Cybersecurity in the Remote Work: A Global Risk Report highlights how cyberattacks on businesses across the UK and Europe are at risk in the era of remote working and should be making this a top priority and installing the most protective software out there.”