To mark Cybersecurity Awareness Month in October, QA, the UK’s leading IT training company, conducted a survey of 300 cyber and C-suite professionals across all industries to benchmark the status of cybersecurity in British corporations.
QA found that 37% of surveyed organisations admitted they had suffered a cyberattack in the previous 12 months, although the firm suspects the true number is higher. Negative impacts from these attacks included loss of revenue and data, and negative PR. However, some cited a positive impact: an impetus to change their policies and procedures to better equip them to deflect and handle future attacks.
A majority (57%) of organisations don’t believe they have the right balance of skills to protect themselves from cyber onslaughts. Many, though, are proactively investing in developing these skills within their organisation, starting with employee awareness. Employees who lack knowledge of cybersecurity become easy targets of hackers, phishers and scammers and are organisations’ biggest liability.
A quarter of respondents report that they are planning to invest in employee awareness about cyber threats and training over the next 12 months. 22% will focus on upskilling their current security teams and 18% on cross-skilling their IT teams.
However, when they look outside their organisation for people knowledgeable about cybersecurity, many firms come up short. Among organisations reporting they have unfilled security roles, 64% say those roles have been unfilled for three months or more.
This failure to find talent might be because some companies aren’t investing in the salaries of cybersecurity professionals. While 43% of organisations say salaries for those positions have risen over the previous 12 months, 41% report that those wages have been stagnant over the past year.
Meanwhile, all industries feel the threat of cyberattacks. 56% of the respondents to QA’s survey said they thought the cyber threat landscape has become “much worse” in recent years.