UK IT leaders feeling less secure despite cybersecurity investments

New research from Appsbroker CTS has shown that despite increased investment in cybersecurity, a significant number of IT leaders in the UK feel less secure now than they did a year ago. In a survey of 150 IT and security decision-makers, over 87% said that security risks keep them awake at night. The report, titled “Tipping the cyber scales: How defenders can get back in the game,” highlights the top five concerns: ransomware, lack of visibility, identity misuse, misconfiguration, and vulnerabilities.

The survey data revealed that 90% of respondents believe the risk and severity of cyber-attacks have increased over the past year. Furthermore, 61% stated that the attack surface is now 'impossible to control'. There is also considerable anxiety surrounding emerging technologies, with 79% worrying that innovations such as GenAI are 'changing the game' and leaving them unprepared.

Despite 97% of IT leaders reporting an increase in their cybersecurity investments, more than half still feel less secure today than they did a year ago. Specifically, 61% are not confident that their current level of investment will be sufficient to reduce their overall risk. Ed Russell, CISO Business Manager at Appsbroker CTS, acknowledged the challenging landscape, stating, “As cyber attacks become more frequent, advanced and insidious, continually evolving your cybersecurity measures is the only way to protect against an ever-changing threat. This starts with knowing which investments are having the biggest impact on reducing the attack surface and mitigating risk.”

One notable finding from the report is the pervasive sense of defeat among IT leaders. According to the research, 71% believe that any company claiming to be secure is lying to itself, and 57% think that cyber criminals will keep winning irrespective of investment in cybersecurity. This sentiment highlights a potentially demoralising outlook for businesses striving to safeguard their digital assets.

Specific threats troubling IT leaders include malware, ransomware, or phishing attacks that could halt operations, lack of visibility into unknown security risks, and threat actors stealing identities to access sensitive systems and data. Misconfigurations and the need to patch and rewrite vulnerable applications also rank high on the list of concerns. Ed Russell underscores the importance of continuous monitoring and benchmarking, noting, “Many businesses lack the tools and visibility needed to continuously monitor, test, measure, and benchmark their security posture. Without this insight, it's impossible to know if investments are being directed to the right areas or if existing defences are effective.”

Data governance is another critical issue highlighted in the report. A full 67% of those surveyed said that their inability to apply consistent governance, policies, and controls across environments leads to inconsistent application of security measures. Additionally, 71% noted that a lack of access and control over data exposes them to greater security risks.

In an effort to enhance security, 53% of organisations have adopted some Zero Trust controls. However, the implementation of Zero Trust strategies across all environments is hindered by several barriers, including costs, legacy integrations, organisational complexity, resource limitations, and a lack of necessary skills and understanding.