UK tech companies hit by a cyberattack every 8 days – report

UK cyberattacks

UK companies in the IT and technology sector experienced an average of 44 cyberattacks in the last 12 months – roughly one every 8 days.

That’s according to research by cybersecurity company Keeper Security as part of its 2021 Cybersecurity Census Report, which found that 79% of UK business leaders expect cyberattacks against their organisations to increase next year.

Humans are often cited as the weakest link in an organisation’s cybersecurity, with scammers and fraudsters sending phishing emails to unsuspecting staff or hackers cracking reused passwords.

This feeling was reflected by 60% of IT leaders who feel employees don’t understand the cybersecurity implications of poor password hygiene. Over two-thirds (69%) of IT leaders therefore feel educating employees on cybersecurity best practices vital to reduce the threat.

Though the report revealed that the vast majority (95%) of IT and tech companies are aware of where the gaps in their cybersecurity defences are, only 40% are addressing all of them.

“Despite all the innovation, the UK’s IT and tech industry has a lot of catching up to do in terms of cybersecurity,” said Darren Guccione, CEO and co-founder of Keeper Security. “Cybercriminals will continue to target IT and tech companies in the years to come. To weather the cybersecurity storm, organisations must address both the current skills gap and implement stringent IT policies that include a zero-trust and zero-knowledge approach.”

According to IT decision-makers, in addition to the right skills and solutions, three key initiatives are needed to fortify an organisation’s cyber defences.

Two-thirds (72%) are calling for a member of the board to be dedicated to an organisation’s cyber welfare. A large majority (88%) want external accountability in the form of an independent body – an ‘Ofcom for cybersecurity’ – to lower cyberattacks.

Some 92% of IT decision-makers (92%) think there should be legislative change requiring businesses to have basic cybersecurity protection in place before being allowed to operate.