Cisco: Overconfidence in cyber security capabilities putting UK firms at risk

Cyber security concept image showing digitized padlock sitting on a computer circuit board.
(Image credit: Getty Images)

Only 2% of organizations in the UK are properly resilient against today’s cyber security risks, according to new research from Cisco, worse even than the global figure of 3%.

Nearly three-quarters of UK organizations fall into the Beginner or Formative stages of cyber security readiness, analysis from the tech giant found, with just one-in-fifty achieving the required Mature level.

96% of companies said they expect to increase cyber security budgets in the next 12 months, seven-in-ten said a security incident is likely to disrupt their business in the next 12 to 24 months.

Meanwhile, 54% of respondents said they had experienced a cyber security incident in the last 12 months, with just over half of those affected saying it cost them at least $300,000.

But with 78% of companies saying they feel moderately to very confident in their ability to defend against a cyber attack with their current infrastructure, Cisco suggested that companies may be overconfident and failing to assess the true scale of the challenges they face.

"We cannot underestimate the threat posed by our own overconfidence," said Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco.

"Today's organizations need to prioritize investments in integrated platforms and lean into AI in order to operate at machine scale and finally tip the scales in the favor of defenders."

The traditional approach of adopting multiple cyber security point solutions hasn't been particularly effective, the report found, with three-quarters of respondents admitting that it slowed down their team’s ability to detect, respond, and recover from incidents.

And this is a particular concern, Cisco said, with 69% of organizations revealing they have deployed ten or more point solutions in their security stacks, while 29% said they have 30 or more.

Meanwhile, eight-in-ten companies said their employees access company platforms from unmanaged devices, and 40% of those spend one-fifth of their time logged onto company networks from unmanaged devices.

Another quarter reported that their employees hop between at least six networks over a week.

And progress is being further held up by critical talent shortages, with 85% of companies highlighting it as an issue - indeed, four in ten said they had more than ten roles related to cybersecurity unfilled in their organization at the time of the survey.

The good news is that nearly half of organizations are planning to significantly upgrade their IT infrastructure in the next 12 to 24 months - well up from the 31% who planned to do so last year.

Most prominently, seven in ten plan to upgrade existing solutions, six on ten to deploy new solutions and 55% and invest in AI-driven technologies. Almost all expect to increase their cyber security budget in the next 12 months, with 82% saying their budgets will increase by 10% or more.

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.