New research from Appsbroker CTS has found that despite increased investment in cybersecurity, a significant number of UK IT leaders feel less secure than they were a year ago. The survey of 150 IT and security decision makers found that over 87% said security risks keep them up at night. The report, titled “Tipping the Cyber Scales: How Defenders Can Get Back in the Game”, highlighted five key areas of concern: ransomware, lack of visibility, identity misuse, misconfigurations and vulnerabilities.
Survey data revealed that 90% of respondents believe the risk and severity of cyber attacks have increased over the past year. Additionally, 61% say the attack surface is “uncontrollable.” There is also a lot of anxiety around emerging technologies, with 79% worried that innovations such as GenAI will “change the game” and leave them unprepared.
Despite 97% of IT leaders reporting increased investment in cybersecurity, more than half feel less secure than they were a year ago. Specifically, 61% believe their current investment levels are not enough to reduce their overall risk. Ed Russell, CISO Business Manager at Appsbroker CTS, acknowledges the difficult situation, saying, “As cyber attacks become more frequent, sophisticated and sophisticated, continually evolving your cybersecurity measures is the only way to protect against constantly changing threats. This starts with knowing which investments are having the greatest impact on reducing your attack surface and mitigating risk.”
One notable finding from the report is the widespread feeling of defeat among IT leaders. According to the survey, 71% of respondents believe that companies that claim to be secure are lying, and 57% believe that cybercriminals will continue to win regardless of cybersecurity investments. This sentiment highlights a potentially demoralizing prospect for businesses striving to protect their digital assets.
Specific threats troubling IT leaders include malware, ransomware, and phishing attacks that can halt operations, lack of visibility into unknown security risks, and threat actors stealing identities to gain access to sensitive systems and data. Misconfigurations and the need to patch or rewrite vulnerable applications also ranked high on concerns. Ed Russell emphasized the importance of continuous monitoring and benchmarking, stating, “Many enterprises lack the tools and visibility needed to continuously monitor, test, measure, and benchmark their security posture. Without this insight, it’s impossible to know if investments are being directed in the right areas or if existing defenses are effective.”
Data governance is another key issue highlighted in the report, with 67% of those surveyed saying they are unable to apply consistent governance, policies and controls across their environments, resulting in inconsistent application of security measures. Additionally, 71% noted that lack of access to and control over data increases security risks.
In an effort to improve security, 53% of organizations have adopted Zero Trust controls, but several barriers stand in the way of implementing a Zero Trust strategy in all environments, including cost, legacy integrations, organizational complexity, resource limitations, and a lack of necessary skills and understanding.
