    Study Warns on "Head-in-the-Sand" Approach to Cybersecurity

    London (ots) -

    - "Cyber Security Report 2024/2025" by Horizon3.ai for the United Kingdom
    - Cybersecurity expert Keith Poyser: "Half of companies neglect regular
    assessments of their operational cyber risks, despite it being essential to
    protect themselves from potential threats and comply with modern legislation."

    At least half of UK organisations are neglecting to assess their operational
    cyber risks, despite the increasing threats in the cybersecurity landscape and
    the requirements of regulations such as DORA and NIS2, according to Keith
    Poyser, Vice President for EMEA at cybersecurity company Horizon3.ai. He cites
    findings from Horizon3.ai's "Cyber Security Report 2024/2025", which surveyed
    150 UK organisations. The report reveals that only 23% of the companies
    regularly conduct risk assessments of their IT infrastructure to determine how
    vulnerable they are to cyberattacks.

    Industry veteran Keith Poyser raises a key concern: "Regular assessment of
    operational cybersecurity is essential to meet both current and forthcoming
    legal requirements for IT security. This includes the Cyber Security and
    Resilience Bill, set to be introduced to Parliament this year, alongside
    European regulations like the Cyber Resilience Act (CRA), which also impact UK
    organisations working with EU partners. Moreover, ongoing evaluations are the
    only effective way to mitigate the potentially severe consequences of
    cyberattacks. Companies that neglect to assess their cyber resilience are
    knowingly putting themselves at considerable risk."

    Cyber Resilience Requires Regular Maintenance

    Nearly a third of organisations acknowledge their weaknesses in this area,
    according to the survey. While 31% currently do not conduct cyber risk
    assessments, they intend to address this gap in the future. However, 29% perform
    assessments only once a year, a quickly out-of-date snapshot, which is
    insufficient to stay ahead of evolving threats.

    The government's Cyber security breaches survey 2024* estimates that UK
    businesses had experienced approximately 7.78 million cyber crimes of all types
    within 12 months. "Limiting penetration testing, getting a true attacker's
    perspective, of your computing and cloud environments to just once a year
    borders on negligence," warns Poyser. He offers a striking analogy: "It's like
    taking your car for an MOT once every hundred years. It might survive the
    century, but the odds are far from being in your favour."

    Head-in-the-Sand Policy on Cybersecurity

    According to the study, 13% of companies do not test their defences against
