Kaspersky: 25% of UK companies underfunding cybersecurity

New research from global cybersecurity and digital privacy leader Kaspersky shows that even though more than eight out of 10 UK companies have been victims of a cyber attack, nearly one in four admit they are not spending enough to protect themselves.

The Kaspersky report – must-have cybersecurity insights for proactive business decision-makers  – reveals a familiar story of companies simply not investing appropriate funds in their cyber defences.

Perhaps even more concerning is that 64% of UK businesses recognise they need to be more proactive yet 57% lack the resources to fund expert advice. That means many firms in the study handle their own cyber security – and are clearly paying the price.

This is hardly surprising seeing the increasing complexity of cyber criminals and the move to remote working and use of personal devices due to the COVID-19 pandemic – initiatives that could be here to stay.

Email, malware, spyware and ransomware are biggest cyber threats

The study says the most common cyberattacks suffered by UK businesses were:

• Email attacks (29%)
• Malware attacks (26%)
• Spyware attacks (24%)
• Ransomware attacks (18%)

“Whether it’s down to human error, cleverly disguised email attacks or the growing complexity of IT infrastructures, our survey shows very clearly the pain points that all companies – whether large or small – need to address,” says Christopher Hurst, General Manager, Kaspersky UK&I.

“A major part of these budget constraints is that companies perceive their internal protection as being better than it actually is, with resources directed at bolstering internal teams.

“Outsourcing skills-hungry security tasks, such as threat hunting, to an experienced MDR provider will deliver an instantly matured IT security function without the need to invest in additional staff or expertise. Fully managed and individually tailored ongoing detection, prioritisation, investigation and response can help prevent business disruption and minimise overall incident impact, more than justifying any associated costs.”

Kaspersky cyber security advice for businesses

• Use dedicated and effective endpoint protection, threat detection and response products
• Provide your SOC team with access to the latest automated threat intelligence and regularly upskill them
• Provide all staff with basic cybersecurity hygiene training, as many attacks start with phishing or other social engineering techniques
• Integration of human expertise and technology is key. If you get both from one trusted partner which is integrated and partly automated, companies can get enterprise-wide visibility which saves them time and increases efficiency. This frees up the security team’s time to work on more important matters.

Download the Kaspersky report here.