Date: 2025-02-05

London (ots) -



- "Cyber Security Report 2024/2025" by Horizon3.ai for the United Kingdom

- Cybersecurity expert Keith Poyser: "Half of companies neglect regular assessments of their operational cyber risks, despite it being essential to protect themselves from potential threats and comply with modern legislation."



At least half of UK organisations are neglecting to assess their operational cyber risks, despite the increasing threats in the cybersecurity landscape and the requirements of regulations such as DORA and NIS2, according to Keith Poyser, Vice President for EMEA at cybersecurity company Horizon3.ai. He cites findings from Horizon3.ai's "Cyber Security Report 2024/2025", which surveyed 150 UK organisations. The report reveals that only 23% of the companies regularly conduct risk assessments of their IT infrastructure to determine how vulnerable they are to cyberattacks.







operational cybersecurity is essential to meet both current and forthcoming legal requirements for IT security. This includes the Cyber Security and Resilience Bill, set to be introduced to Parliament this year, alongside European regulations like the Cyber Resilience Act (CRA), which also impact UK organisations working with EU partners. Moreover, ongoing evaluations are the only effective way to mitigate the potentially severe consequences of cyberattacks. Companies that neglect to assess their cyber resilience are knowingly putting themselves at considerable risk."



Cyber Resilience Requires Regular Maintenance



Nearly a third of organisations acknowledge their weaknesses in this area, according to the survey. While 31% currently do not conduct cyber risk assessments, they intend to address this gap in the future. However, 29% perform assessments only once a year, a quickly out-of-date snapshot, which is insufficient to stay ahead of evolving threats.



The government's Cyber security breaches survey 2024 * estimates that UK businesses had experienced approximately 7.78 million cyber crimes of all types within 12 months. "Limiting penetration testing, getting a true attacker's perspective, of your computing and cloud environments to just once a year borders on negligence," warns Poyser. He offers a striking analogy: "It's like taking your car for an MOT once every hundred years. It might survive the century, but the odds are far from being in your favour."



Head-in-the-Sand Policy on Cybersecurity



According to the study, 13% of companies do not test their defences against





