In the past 12 months, almost half of UK businesses (47%) have been attacked by an “increasing number” of state-sponsored threat actors, according to “A Look at Cyber Resilience and Security Across the United Kingdom”, a new research paper recently published by cybersecurity experts Absolute.
Surveying 250 UK CISOs for the report, Absolute found that 48% of businesses had experienced a ransomware attack in the past year. Furthermore, more than two-thirds (69%) said the financial loss from a successful ransomware attack could cripple their business.
All of this has made ransomware the biggest concern in business cybersecurity for 80% of respondents. But CISOs are not only worried about the companies they work for, but also about themselves. Nearly two-thirds (62%) said they could lose their job if their company suffered a major ransomware attack.
Ignoring the NCSC
You might think that in such a climate, businesses would do everything they can to stay secure and prevent ransomware attacks from happening, but the report found that more than a third (35%) are completely ignoring cyber guidance from the National Cyber Security Centre (NCSC).
Furthermore, two-thirds (64%) said the UK has a poor cyber resilience strategy that does not define clear response policies to recover from cyber breaches. Finally, 43% admitted that their cybersecurity teams have not been given enough budget to keep their businesses fully protected.
State-sponsored attackers aren’t the only ones to have increased attack volumes of late. New reports suggest that cyberattacks are on the rise across the board, with the average organization now experiencing 1,636 attacks per week, according to Check Point Research. These are primarily ransomware and Business Email Compromise (BEC) attacks, and have increased by 25% between Q1 and Q2 of 2024.
This “relentless onslaught of attacks,” as CPR describes it, is driven primarily by the increasing sophistication and persistence of threat actors, as Artificial Intelligence (AI) and Machine Learning (ML) gave even low-level threat actors tools usually reserved only for the largest and most dangerous groups.
