Skip to main content

Security budgets are falling across the UK

(Image credit: Shutterstock)

UK businesses are investing less in cybersecurity, compared to last year despite the fact that the number, the intensity and the costs of cyber-incidents are on the rise.

New research by Databarracks found that 55 per cent of busineses in the country have either kept their budgets the same as last year, or decreased them.

A third (33 per cent) have managed to increase their budgets for cybersecurity this year, down from 36 per cent last year.

At the same time, the report also uncovers the effects of cybersecurity incidents on businesses: for 12 per cent of respondents, they were the biggest cause of IT downtime (up from six per cent three years ago). Almost a fifth (17 per cent) consider cyberattacks the main reason for data loss (up from nine per cent in 2016), and ransomware has almost doubled in the same period.

“Cyber-incidents are becoming more prominent as a cause of both IT downtime and data loss, and attack types like ransomware are causing significant disruption – particularly for manufacturing and the public sector,” commented Peter Groucutt, Managing Director at Databarracks.

“These developments underline that now is not the time to reduce investment in cyber resilience. We are adjusting to a new reality. This is a cyber-arms race and unless we continue to match the investment and commitment of the cyber criminals with a corresponding investment of our own, we will lose the battle.”

Organisations are facing a perfect cybersecurity storm: criminals are growing in numbers, their tools and practices becoming more creative and harder to spot. It’s becoming increasingly difficult to find and retain talented people to combat these threats, and those that do stay are under constant stress and pressure to keep their organisations safe. Employees are lacking education and training, becoming the weakest link in the cybersecurity chain. At the same time, the costs of data breaches keep rising, especially with the possibility of huge GDPR fines.