UK software businesses have experienced on average 30 cyber incidents over the last twelve months, a 40 per cent annual increase, according to a new report.
Despite just under half (48%) of software organisations spending more than £50,000 a year on cyber protection such as vulnerability assessments, penetration testing, and red team engagements, the report found that 44 per cent think their cyber security budget is inadequate to fully protect them from growing threats.
The data comes from iomart and Oxford Economics’ ‘State of cyber security in the UK 2023’ report, which surveyed 39 software executives, as part of a wider survey of 500 UK businesses.
It found that 49 per cent of businesses in the software sector agree that budget constraints continue to be one of the biggest barriers to improved cyber security, while 28 per cent have seen an increased frequency of threats from bad actors over the past two years.
In fact, the rising cost of cyber insurance premiums is one of the biggest financial outlays, with 62 per cent of software businesses noting a rise over the last two years.
With the cost of remediation and other business expenses, such as energy, on the rise, stretched budgets are causing blind spots in companies’ cyber strategies.
Of the 500 businesses surveyed, only 37 per cent of respondents have security embedded into all their business processes and functions, while 14 per cent admitted that security is only addressed on an ad hoc or as-needed basis.
Meanwhile, during the COVID-19 pandemic, 41 per cent of organisations were forced to sacrifice cyber security to keep the lights on, including 47 per cent of software businesses.
The report also found that a lack of key skills remains one of the main concerns in tackling rising cyber threats. So much so that 30 per cent of cyber staff admit to currently facing burnout.
This pressure also means that less than half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56%) and malware (55%).
Despite these challenges, the software sector is optimistic about the role of nascent technologies such as AI and ML.
Almost half (44%) believe the use of AI and ML will be a major trend in cyber security over the next two years, particularly in support of email screening (79%) and contextual analytics (64%).
Lucy Dimes, CEO of iomart said, “our latest security report with Oxford Economics is a temperature check on the cyber challenges businesses face, including those in the software sector.
“As an industry which is often an early adopter of nascent programs and technologies, as well as one which fosters open and collaborative working, software companies could be more susceptible to cyber threats. And while it is clear that the threat of cybercrime is rising, there’s a lack of confidence in organisations’ abilities to protect themselves against it.
“There are many factors at play that are influencing this, from rising energy costs and increased insurance premiums to skills shortages and staff burnout, which are causing huge challenges for businesses.
“While this may be the case, there are ways to relieve these pressures, with effective strategies being developed and new technologies such as AI being embraced. Working alongside trusted partners can also ensure companies have adequate cyber strategies tailored to their business needs and challenges.”
The ‘State of Cyber Security in the UK 2023’ report surveyed 500 executives from a range of industries, most with more than 1,000 employees, all based in the UK.