Press "Enter" to skip to content

One in three mid-market organisations suffered an outage, with one in five paying a ransom to hackers

Research shows mid-market tackling high rate of costly attacks, worsened by complex, siloed defences and rising stress levels

Mid-market organisations in the UK suffered significant financial and operational damage as a result of cyberattacks in 2021 and want to see fundamental change to how cybersecurity is designed and run, new research reveals.

One in three (33%) mid-market organisations suffered an outage that knocked them offline for more than a day.  Only half were able to prevent malicious attachments from reaching users’ inboxes. Shockingly, one in five (21%) were forced to pay hackers to deactivate ransomware. As a result, the top wish for cybersecurity in 2022 was to see security vendors open up traditionally closed point products to enable an automated response to cyberattacks.

The new findings are taken from The UK mid-market on Code Red: the state of the UK’s cyber security response, a report by cybersecurity provider, Censornet. Gathering insights from 200 UK-based IT and security leaders, covering ten different industries in both the public and private sectors, the research explored the biggest attacks of 2021, the challenges facing the mid-market and their plans for investment in 2022.

‘For the UK mid-market, the cybersecurity situation is serious,’ said Ed Macnair, CEO at Censornet. ‘The financial and reputational cost of cybercrime is rising, putting more pressure on overwhelmed professionals, who are tackling hundreds of alerts a day from siloed point products. Organisations must work smarter, not harder. Only when security systems work seamlessly together, faster than humanly possible, will we see the needle begin to move in the right direction.’

 Attacks causing major damage

The report reveals that despite concerted efforts to protect themselves, mid-market organisations continued to feel the sting of cyberattacks in 2021 – often due to cross-channel attacks, which only 37% of organisations felt they had the ability to prevent.  These incidents were driven in part by the unwitting insider threat: 17% of all respondents reported serious attacks after employees opened suspicious or malicious emails, with that number rising to 28% for businesses turning over more than £51 million.

Ransomware also posed a particularly serious threat, with more than two thirds (69%) of organisations feeling unable to protect themselves against it. Of those that suffered a ransomware attack and paid the ransom, the average pay-out was £144,000, with 7% of those handing over more than £500,000.

These vulnerabilities are also worsening in severity as more workers work remotely. Over half (51%) of mid-market organisations said they had not purchased cybersecurity products designed to specifically protect against threats for hybrid and remote workers.

Overcomplicated security driving high levels of stress

The research reveals that organisations are investing in large numbers of point products to tackle their risk. The average number of security products managed in a single organisation stands at 24. Nearly a third (27%) are managing more than 31 security products at once.

As a result, on an average day, 716.4 cyber security alerts are generated. Each security professional has to investigate over 35.3 security alerts every hour and has just 102 seconds to assess what is a genuine threat. Not only that, but 38% of mid-market security staff said they had received a call in the middle of the night to investigate a cyber security incident.

This flood of alerts and out-of-hours demands translates into almost half (47%) of professionals feeling overwhelmed, with that figure rising to 59% in the public sector. It’s not hard to see why: almost one in ten (9%) cybersecurity staff say they suffered from sleep deprivation due to cyber security concerns, with the average amount of sleep standing at 5.7 hours per night, considerably less than the seven hours or more recommended by the NHS.

Automation and integration key to improving situation in 2022

In response to the challenges that organisations are facing, respondents indicated a clear need for fundamental change in the way cybersecurity is designed and run over the next year. Nearly half (46%) want security vendors to open up traditionally closed point products to enable automated response to cyber threats and/or cyber-attacks. In line with these needs, three quarters (76%) of organisations said they plan to invest in a cloud-based security platform that allows their security products to autonomously share security event data to better protect their organisation.

About Censornet

Headquartered in an innovation hub in Basingstoke, UK, Censornet gives mid-market organisations the confidence and control of enterprise-grade cyber protection. Its Autonomous Integrated Cloud Security platform integrates attack intel across email, web, and cloud to ensure cyber defences react at lightning speed. For its millions of users globally, its AI-driven, autonomous solution is smarter, faster, and safer than is humanly possible. It’s supported by an award-winning team of customer support specialists.  Censornet’s clients include Fever Tree, Lotus Cars, Parnassia Groep, Mizuno, Radius Payments, Newlife Disabled Children’s Charity, National Portrait Gallery, Hallmark Hotels and Thatchers Cider. It was named Cloud Security Product of the Year (SME) at the Computing Cloud Excellence Awards 2021. For more information, please visit https://www.censornet.com

About the Research 

This report summarises the results of independent opinion research commissioned by Censornet and carried out by 3Gem. The online research surveyed 200 IT decision makers in UK based companies with under 5000 employees. The research was completed in December 2021. Respondents were split across the public and private sector and included Chief Technology Officers, Chief Information Officers, Chief Information Security Officers and IT Directors and Managers from a range of industries including finance, retail, technology, manufacturing and construction.

Please follow and like us:

Be First to Comment

Leave a Reply

TechnologyReseller: 2021