Only 47% of organisations feel confident in their understanding of the cybersecurity threat landscape for their business, according to new research from Rackspace Technology. In addition, only two fifths (39%) of UK businesses feel confident in their ability to respond to incidents today.
A look into the UK business cybersecurity landscape
Constantly evolving security threats and attack methods, as well as increasing attack opportunities as data volumes, digital operations and remote work continue to grow, are cited by three fifths (60%) of the UK’s IT leaders as the greatest cybersecurity challenges their organisation is currently facing.
In the face of this threat landscape, further concern is raised by the finding that more than half (53%) of IT decision makers don’t have the capability today to identify security incidents across multicloud environments, though they do feel confident they will have it in the next three years. When it comes to mitigating threats, only 38% of those surveyed feel confident in addressing them today, and only 36% feel assured in addressing regulatory compliance.
In relation to data, just two in five (41%) are currently confident in their ability to protect critical data and warehouses, with a further 45% believing they will reach that point in the next three years. And when it comes to assessing cybersecurity capabilities and needs on a periodic basis, only two in five (42%) felt comfortable in this area.
The talent and skills gaps
Contributing to or explaining some of the ongoing challenges, almost half (44%) of companies are finding it hard to retain and recruit cybersecurity talent, though a similar proportion (45%) are confident in their internal initiatives in terms of cybersecurity talent retention.
The cybersecurity skills touted as the most important were cloud security (42%) and data privacy and security (40%). Despite its importance, a third (32%) of companies feel the biggest cybersecurity skills gap is in relation to cloud security.
Addressing the cybersecurity gaps with third-party providers
In the face of staffing and skills concerns, more than half of UK businesses (55%) rely on in-house staff with some external third-party help. A similar number (56%) said they use up to five external partners to provide cybersecurity. When looking into the types of cybersecurity partner the businesses engage with, the most sought-after are Security Value Added Resellers (47%), Managed Security Service Providers (45%) and Managed Detection & Response Providers (41%).The top three areas of cybersecurity most likely to be handled by external partners are around integrated risk (44%), application security (44%) and data security (37%).
When asked to report their companies’ overall level of maturity in cloud security, 35% said they were at intermediate level, having to rely on third-party tools built for cloud security. An additional 32% described themselves as cloud-centric, meaning they use native tooling mixed with third-party tooling.
Andy Brierley, UK General Manager at Rackspace Technology, said: “Cybersecurity is one of the most important digital elements for UK businesses, but also the trickiest to address. This is particularly true due to the accelerated pace of digital transformation across key sectors.
“Given the current digital skills gap and ongoing recruitment challenges, it is important that businesses seek further support from third-party partners to help identify and address their weaknesses.
“Factors such as the evolving threat landscape, remote working conditions and talent shortages all feed into the varying security needs from one business to the next. What is increasingly clear is that few businesses have all bases covered – people, processes and technology in place – when it comes to a mature cybersecurity model. Working with a partner that can bring these specialist skills and tailor them to specific requirements is an increasingly popular and effective way to ensure and increase overall confidence in addressing cybersecurity needs.”