Protecting against the cost and impact of cyber crime

April 18, 2024

Paul Drake, RVP Sales, UK & Ireland at Barracuda, evaluates the best methods to protect against cyberattacks and the impact they can have on businesses.

Cyberattacks are costly.

Not just in terms of direct financial losses, such as a ransom payment or a fraudulent money transfer resulting from an email scam, but indirectly, through operational disruption, productivity loss and damage to brand reputation and customer trust.

Recent research among IT security professionals by Barracuda found that two thirds (67%) of the UK organisations surveyed were hit with one or more cyberattacks in the last year and the average annual cost of dealing with these incidents came to more than £3.6 million.

This high number is not surprising if you look at how cyberthreats are evolving – most respondents said attacks had become more sophisticated (61%) and more severe (54%) over the last year, taking longer to recover from and fix.

Here we’ll examine the factors behind these costs and how organisations can best harden their defences to mitigate the expense and impact of an attack.

The costs of a breach

Easy access to criminal tools for hire, coupled with the growing ability to automate and scale attacks, for example through generative AI, is bringing cybercrime within reach of a wider pool of attackers, including those with limited skills and resources.

Barracuda’s research discovered that for UK respondents the average yearly cost associated with the theft of IT assets, damage to infrastructure, incident investigation and remediation activity stood at just over £2 million.

System downtime and the resulting lost productivity and operational disruption added another £1.6 million.

These sums are compounded by longer term issues such as the loss of customer trust and potential regulatory and legal issues.

The technical and organisational barriers to effective security

The research highlights some of the top challenges that make it harder for organisations to protect their assets and employees against cyberattacks and their impact.

The list is headed by the difficulty of implementing uniform security policies and programmes across the business.

These policies are often business critical, including authentication measures and access controls, areas where any gaps will be quickly exploited by cyber attackers looking to steal credentials, compromise accounts and gain access to the network.

Other challenges, such as a lack of visibility into the network and applications, difficulty in securing the supply chain and not having a complete inventory of third parties with access to sensitive and confidential data, also keep security teams awake at night.

While 84% of UK organisations have an incident response plan in place, a quarter of respondents said the plan is not applied consistently across the organisation.

Around one in six (16%) admitted that they don’t even have an incident response plan – the highest proportion of the five countries surveyed.

The absence of a plan, or an untested plan, can limit an organisation’s ability to act swiftly and effectively in the event of an incident.

Any delay or confusion in response not only hampers mitigation efforts but can also amplify the damage caused by the breach.

As cyber criminals start to harness AI tools and technologies, security teams face rapidly evolving challenges in mitigating and defending against attacks.

Although 80% of UK respondents felt confident they understood generative AI, up to a quarter didn’t know if their IT infrastructure was equipped to handle automated security attacks launched using generative AI (25%) or whether they would have to find new ways to protect the organisation (19%).

Fortunately, there is a lot that organisations can do to harden their security against these emerging threats.

Learning from best practice

The research looked at the security strategies of those organisations that had a highly effective security posture, defined as the ability to address cyber risk, vulnerabilities and attacks.

These ‘High Performer’ organisations are the most likely to say that the risk level is increasing and attacks are becoming more sophisticated and severe.

They are, however, also more likely to say they have the security resources and investment they need.

Further, these high performing organisations are likely to have company-wide and tested incident response plans in place and to understand the need to adapt to the risk of AI-powered threats.

Prioritising investment to secure the future

Attackers are learning how to leverage AI-powered tools such as generative AI to increase their efficiency, automate their activity and boost the chances of success.

Future-proofing security investments requires a commitment to ongoing employee awareness training, innovation, and strategic planning.

As cyber threats become increasingly sophisticated, so must the defences organisations deploy.

By embracing this challenge head-on, with a clear understanding of the financial stakes and a strategic investment approach, businesses can safeguard their future in an uncertain digital age.
