Intelligent CISO Issue 74 | Page 30

EDITOR ’ S question

TOM HENSON , MANAGING DIRECTOR AT EMERGE DIGITAL

T he Cyber Breaches Survey raises some interesting questions about the investment and understanding of cybersecurity from UK businesses .

There has been a marked increase in the number of businesses undertaking basic cyberhygiene processes in the last 12 months , including using up-to-date malware protection , up from 76 % to 83 %, restricting admin rights , up from 67 % to 73 %, implementing network firewalls , up from 66 % to 75 %, and having agreed processes for phishing emails , up from 48 % to 54 %.
However , on the flip side of these findings , it is deeply concerning that nearly two fifths of businesses don ’ t have up-to-date malware protection , which in today ’ s world should really be 100 %. There simply isn ’ t an excuse for businesses not to have these types of protections , so although these figures highlight steps in the right direction , it isn ’ t enough .
It is also worrying to see such a small percentage of businesses with oversight of their supply chain . Just 11 % review the risks posed by their immediate suppliers , and only 6 % look at their wider supply chain . A vast number of breaches which occur are caused by supply chain attacks , and gaining visibility of supplier risk should be a top priority for all businesses .
A large number of businesses remain unaware of the government-backed Cyber Essentials scheme , with just 12 % stating they were aware of it .
It is deeply concerning that nearly two fifths of businesses don ’ t have up-to-date malware protection .
For large businesses , which are investing more in cybersecurity , there has been a dip in both immediate and wider supply chain risk analysis . This is likely because , following a spike in 2023 , businesses felt comfortable that they ’ d taken action and could now relax slightly .
However , when it comes to cybersecurity , this simply isn ’ t the case . Cybercriminals are working overtime to try and find new ways to breach businesses , and senior leaders must do the same . By not constantly evolving and improving your defenses , you give attackers the chance to catch up .
It ’ s also surprising that such a large number of businesses remain unaware of the governmentbacked Cyber Essentials scheme , with just 12 % stating they were aware of it . This figure has decreased year-on-year from 16 % in 2022 . The scheme gives businesses a solid , base-level of protection , and as the government ’ s flagship cyber certification , it is staggering that so many are still unaware of it . There is no reason that all businesses shouldn ’ t know about the scheme , even at a base level .
The report found that just 41 % of businesses had sought out external cybersecurity advice this year . This number should be much higher . Seeking advice is the first step in improving cybersecurity , and the fact that more than half of UK businesses are yet to take this step is concerning .
30 WWW . INTELLIGENTCISO . COM