Cyber security ‘blind spot’ leaves businesses exposed, Azets finds

A “significant blind spot” is leaving UK businesses exposed to cyber security threats, with just one in five businesses reporting having suffered a cyber security incident in the past 12 months, according to new research by UK accountancy and advisory firm Azets.

Some 74% of UK respondents to the Azets Barometer January 2024 survey reported no incidents, while a further 2% preferred not to say and 5% said they aren’t sure. Of the 20% that did report an incident, 16% claimed to have suffered just one, with 4% admitting to ‘several’.

The report also revealed that there’s a marked difference in larger companies, particularly upper medium sized businesses, where the rate of reporting no incidents is 18% higher than the overall average. Among the highest revenue businesses, with incomes between £50m-£99.9m, an “overwhelming” 90% report no incidents, exceeding overall survey averages by 40%.

Paul Kelly, UK head of cyber services at Azets, believes these results could indicate a lack of awareness or ability to detect incidents such as a data breach or ransomware attack, even among the UK’s biggest businesses.

He said: “Based on the number of cyber attacks in total last year, it’s estimated that there are more than four cyber attacks against UK businesses every minute. This doesn’t reconcile with 74% of businesses claiming not to have suffered a single incident at all in the past 12 months.

“Even those reporting a single incident are likely to have been targeted more frequently than they realise. It only takes one successful attack to create serious problems. A lack of education or technical expertise around cyber security risk are often contributing factors to blind spots that leave businesses exposed to potentially catastrophic financial and reputational damage. This could impact not only their business but their customers, and their customer’s customers.”

According to Azets, there is evidence that businesses are looking to enhance cyber security measures, with strategic investment in cyber security scoring an average of 6.3 out of 10 (0=decrease significantly; 10=increase significantly), as respondents’ biggest priority for the next 12 months.

The Azets Barometer provides insight into the current and future business climate through the perspective of mid-market, owner-managed, and family-owned businesses in the UK, Ireland, Norway, Finland, Sweden, and Denmark.

Kelly added: “Cyber security can be costly, but it should be viewed as an investment that will save your business significant amounts in the long-term by protecting against incidents against the backdrop of an ever-increasing threat landscape.”