Optimising your cyber budget

by Mark Rowe

With inflation in the UK soaring, consumers and businesses are experiencing a significant financial strain. Not showing signs of easing anytime soon, the difficult economic climate continues to force organisations across all sectors to cut costs and make redundancies.
However, the economic crisis is not the only threat, writes Rick Jones, pictured, CEO and co-founder of the cyber firm DigitalXRAID.

One in three UK businesses fell victim to cyberattacks in the last 12 months – and almost 70 per cent of large enterprises. Moreover, the average ransomware payment has nearly doubled to £1.6m over the past year, with UK firms paying significantly more than the average amount worldwide. Now more than ever, organisations need proactive, affordable cybersecurity solutions that guarantee protection from expensive data breaches and can give return on investment (ROI).

Be proactive

The first and most crucial step for effective cybersecurity investment is proactively identifying vulnerabilities across IT infrastructure and environments. Measures including penetration testing, vulnerability scanning, and cybersecurity maturity assessments identify gaps in a company’s security posture and evaluate operational resiliency, allowing for timely remediation before weaknesses are exploited. Given that a recent report from Panaseer found that 35pc of cyber budgets aren’t going towards improving security posture, ensuring that critical vulnerabilities are prioritised and patched as soon as possible is essential to making the most of limited budgets.

Establish foundational cyber hygiene

Once the most critical areas for investment are identified, implementing a strong foundation of cyber hygiene is a strategic next step. Although many of these measures seem ‘basic’, it’s the basics that can make a real difference when it comes to bolstering cybersecurity. In fact, basic cyber hygiene can protect against 98pc of all attacks. Simple but critical things like privileged access management, multi-factor authentication, cybersecurity awareness training and phishing simulations establish a defence-in-depth approach, while also accelerating businesses’ journeys to achieving a ‘security-first’ culture and mindset.

Reduce cyber insurance premiums

For many businesses, cyber insurance premiums have risen to new levels of unaffordability, but insurance still remains a key element of a holistic cybersecurity strategy. Finding solutions to reduce premiums is therefore a priority both financially and for better security. One great way to do so is by achieving ISO 27001 certification. As well as evidencing that proactive security measures have been adopted, this ISO certification helps to lower premiums by identifying and mitigating cyber risks, supporting compliance with regulatory requirements, enhancing organisations’ reputations and improving overall security posture.

Consider outsourcing

While these measures make good financial and cybersecurity sense to implement, many businesses are struggling with a lack of skilled security professionals. There are 3.5 million unfilled cyber positions worldwide and, on the ground, this is resulting in IT and security teams becoming increasingly burnt-out and overworked. The idea that this overwhelmed workforce can guarantee round-the-clock threat monitoring and detection is unrealistic, and yet there is always the risk that a hacker can evade cyber hygiene measures to potentially catastrophic effect. Outsourcing is therefore becoming more and more common for businesses in this situation.

By going beyond the essentials and outsourcing to cybersecurity experts, businesses benefit from wide and varied threat intelligence and reduce the burden on over-stretched internal teams. Outsourcing a Security Operations Centre (SOC), for example, frees these professionals from time-intensive processes and the pressure of 24/7/365 threat detection, enabling resources and budget to be redirected to upskilling, developing business capabilities and digital transformation. Not only does this guarantee cybersecurity ROI, but it also benefits the business as a whole, ensuring it remains competitive in the challenging economic environment.

Looking ahead

Despite significant financial and cybersecurity risks, there are several cost-effective measures that businesses can implement to bolster their security posture. Most importantly, a proactive approach is key. Getting ahead of cybercriminals and leveraging external expertise not only ensures that foundational cyber hygiene is achieved, but also that constant threat monitoring is made possible. In this way, organisations can direct finite resources to the most vulnerable areas of the business and mitigate the risk of a critical, costly data breach.


© 2024 Professional Security Magazine. All rights reserved.
