Study Warns on "Head-in-the-Sand" Approach to Cybersecurity
- "Cyber Security Report 2024/2025" by Horizon3.ai for the United Kingdom
- Cybersecurity expert Keith Poyser: "Half of companies neglect regular
assessments of their operational cyber risks, despite it being essential to
protect themselves from potential threats and comply with modern legislation."
At least half of UK organisations are neglecting to assess their operational
cyber risks, despite the increasing threats in the cybersecurity landscape and
the requirements of regulations such as DORA and NIS2, according to Keith
Poyser, Vice President for EMEA at cybersecurity company Horizon3.ai. He cites
findings from Horizon3.ai's "Cyber Security Report 2024/2025", which surveyed
150 UK organisations. The report reveals that only 23% of the companies
regularly conduct risk assessments of their IT infrastructure to determine how
vulnerable they are to cyberattacks.
Industry veteran Keith Poyser raises a key concern: "Regular assessment of
operational cybersecurity is essential to meet both current and forthcoming
legal requirements for IT security. This includes the Cyber Security and
Resilience Bill, set to be introduced to Parliament this year, alongside
European regulations like the Cyber Resilience Act (CRA), which also impact UK
organisations working with EU partners. Moreover, ongoing evaluations are the
only effective way to mitigate the potentially severe consequences of
cyberattacks. Companies that neglect to assess their cyber resilience are
knowingly putting themselves at considerable risk."
Cyber Resilience Requires Regular Maintenance
Nearly a third of organisations acknowledge their weaknesses in this area,
according to the survey. While 31% currently do not conduct cyber risk
assessments, they intend to address this gap in the future. However, 29% perform
assessments only once a year, a snapshot that quickly goes out of date and is
insufficient to stay ahead of evolving threats.
The government's Cyber security breaches survey 2024 * estimates that UK
businesses had experienced approximately 7.78 million cyber crimes of all types
within 12 months. "Limiting penetration testing, getting a true attacker's
perspective, of your computing and cloud environments to just once a year
borders on negligence," warns Poyser. He offers a striking analogy: "It's like
taking your car for an MOT once every hundred years. It might survive the
century, but the odds are far from being in your favour."
Head-in-the-Sand Policy on Cybersecurity
According to the study, 13% of companies do not test their defences against