In the past 12 months, almost half of enterprises in the United Kingdom (47%) were attacked by an “increasing number” of state-sponsored threat actors. This is according to “A Look at Cyber Resilience and Security Across the United Kingdom,” a new research paper published recently by cybersecurity experts Absolute.
Surveying 250 UK CISOs for the report, Absolute found that 48% of firms were struck by a ransomware attack in the past year. Furthermore, more than two-thirds (69%) said the financial loss from a successful ransomware attack could cripple their enterprise.
All of this has made ransomware the enterprise’s biggest cybersecurity concern for 80% of the respondents. But CISOs are not just worried about the enterprises they are working for, they are also worried about themselves. Almost two-thirds (62%) said they could lose their job if their enterprise suffered a major successful ransomware attack.
Ignoring the NCSC
One would think that in such a climate, enterprises would be doing all they can to remain secure and prevent ransomware attacks from happening, yet the report found more than a third (35%) completely ignoring the National Cyber Security Centre’s (NCSC) cyber guidance.
What’s more, two-thirds (64%) said the UK has a poor cyber-resilience strategy which does not define clear response policies to recover from cyber breaches. Ultimately, 43% admitted their cybersecurity teams haven’t been given enough budget to keep their enterprise thoroughly protected.
State-sponsored attackers are not the only ones increasing the volume of attacks in recent times. New reports are suggesting that cyberattacks are rising across the board, with the average organization now experiencing 1,636 attacks every week, according to Check Point Research. These are mostly ransomware and Business Email Compromise (BEC) attacks, and they are up 25% between Q1 and Q2, 2024.
This “relentless onslaught of attacks,” as CPR describes it, is mostly driven by the growing sophistication and persistence of threat actors, since Artificial Intelligence (AI) and Machine Learning (ML) gave even low-level threat actors the tools usually reserved only for the biggest and most dangerous of groups.