In the past 12 months, almost half of UK businesses (47%) have been attacked by an “increasing number” of state-sponsored threat actors, according to “A Look at Cyber Resilience and Security Across the United Kingdom”, a new research report published recently by cybersecurity experts Absolute.
Absolute surveyed 250 UK CISOs for the report and found that 48% of businesses have been hit by a ransomware attack in the past year. What’s more, over two-thirds (69%) said the financial loss from a successful ransomware attack could cripple their business.
All of this has made ransomware the biggest cybersecurity concern for businesses for 80% of respondents. But CISOs aren’t just worried about the companies they work for, they’re also worried about themselves. Nearly two-thirds (62%) said they could lose their job if their company suffered a major successful ransomware attack.
Ignoring the NCSC
You would think that in such a climate, businesses would be doing everything they can to stay safe and prevent ransomware attacks. However, the report found that over a third (35%) are completely ignoring the National Cyber Security Centre (NCSC) cyber guidance.
Furthermore, two-thirds (64%) said the UK has a poor cyber resilience strategy that does not define a clear response policy to recover from cyber breaches. Finally, 43% admitted their cybersecurity teams have not been given enough budget to thoroughly protect their business.
State-sponsored attackers aren’t the only ones who’ve been increasing the volume of attacks lately. New reports suggest that cyberattacks are increasing across the board, with the average organization now experiencing 1,636 attacks per week, according to Check Point Research. These are primarily ransomware and Business Email Compromise (BEC) attacks, and they’re up 25% between Q1 and Q2, 2024.
This “relentless onslaught of attacks,” as CPR calls it, is largely driven by the increasing sophistication and persistence of threat actors, as artificial intelligence (AI) and machine learning (ML) have given even low-level threat actors the tools normally reserved for only the largest and most dangerous groups.