Cybersecurity alerts surge 37% for UK SMBs in a year
British small and medium-sized businesses (SMBs) have been bombarded with cybersecurity alerts, seeing a 37% increase over the past year. This upsurge in daily digital disturbances, from 597 in 2023 to 815 in 2024, has plunged security professionals into a race against time, allowing them only 87 seconds to decode each warning and filter out genuine threats, recent research from cybersecurity provider Censornet reveals.
Private sector bodies bore the brunt of these digital threats, obtaining 18% more alerts than the public sector. The cresting waves of security risks coincide with a shrinking tide in IT support, with an average security team size of 2.63 people at the start of 2024, a slight drop from the 2.7 people of 2023.
Censornet's study gathered insights from 200 IT and security leaders across the UK, laying bare the striking levels of stress experienced by SMBs. Out of five SMBs, two had to take their systems and applications offline owing to an incident in the past year. Among these, for one in seven (14%), the outage lasted longer than a day. Data loss also plagued almost two in five SMBs (39%) in 2023 due to a cyber-attack, marking a 13% increase since 2021. Additionally, 30% of SMBs suffered data loss due to user error, and 27% due to disgruntled employees in the past year. One in five SMBs fell victim to a ransomware attack with 34% compensating their attackers, averaging a payout of around £139,368.
This cybersecurity strain also breaches the boundaries of work schedules. About 38% were disturbed at night, with 44% of private sector security professionals receiving calls to address cyber alerts. Aside from unscheduled night shifts, 34% had their holiday interrupted to handle security alerts. This arduous workload may prove unsustainable, as 32% of professionals already feel crestfallen and unable to cope with the cyber demands. Notably, only 60% of alerts are fully investigated, laying foundations for potentially severe financial, operational, and reputational damage. An 11% increase has been noted in professionals believing their career progress is negatively impacted by a cyberattack, rising from 18% to 29% since last year.
Ed Macnair, CEO of Censornet, lamented the current state, saying cybersecurity professionals are "working hard to discern genuine threats from noise - sacrificing sleep, holidays, and career stability". Macnair suggested that it is imperative to strengthen the defences of SMBs, which form the backbone of the UK economy. Leveraging new technologies, such as artificial intelligence (AI), could simplify the process of threat detection and mitigation.
Despite escalating complexities and persistence of threats, the capability of SMBs to guard against common attack vectors is dwindling. Over two thirds (69%) of SMBs alluded that the number of discrete products needed to protect against the entire threat spectrum was among their greatest challenges this year. Worse, multiple solution patchworks appear to be weakening defences, with statistics showing a decline in protective measures against cross-channel attacks and handling suspicious emails. However, 44% of SMBs anticipate AI to be their salvation, easing the management of cyber risks and automating everyday tasks to free up time for proactive risk investigation. Neil Langridge, Marketing & Alliances Director at e92, echoed this sentiment, emphasising the "rapid growth of AI" and encouraging a "cybersecurity perspective that emphasises controls" rather than merely on tools to effectively manage technology estates.