UK businesses expect cyber security threat to increase

66% of UK business leaders expect the threat from cyber criminals to increase over the next 12 months, according to research from PwC.

PwC surveyed 3,600 business and technology executives from around the world, including 257 in the UK.

Over the past year, a number of prominent ransomware attacks have caused a significant impact on organisations already dealing with the challenges posed by the Covid pandemic. 

There is also now the added threat of ‘ransomware as a service’ in which ransomware developers lease out their malware in exchange for a share of the criminal profits. PwC’s research finds that 61% of UK respondents expect to see an increase in reportable ransomware incidents in 2022. 

UK businesses are concerned about a broader increase over the next 12 months in cyber threats, including business email compromise (61%) and malware via software updates (63%).

Bobbie Ramsden-Knowles, Crisis and Resilience Partner, PwC UK, says: “It’s impossible to ignore the threat from ransomware attacks as criminal groups become more brazen and scale their operations through ‘ransomware as a service’ and the use of affiliate criminal groups.”

“Ransomware has the potential to rapidly disrupt an organisation’s entire business, across geographies and functions. For organisations without a framework for managing enterprise wide crises there is an acute need to develop and embed one, to be able to respond to this type of disruptive event in a coordinated way.” 

Ramsden-Knowles adds: “Whereas other types of crises may be perceived as 'black swan' events that can not be predicted, ransomware attacks have become so widespread that we have seen a common set of challenges and decisions that all organisations would face.”

“Developing - and aligning - ransomware playbooks for executive crisis teams and operational responders is a no-regrets move. And, testing these through wargames and exercises can reduce uncertainty, build confidence in the ability to respond and help prioritise focus on preventative measures.”

The increased complexity of some organisations’ operations due to growth, mergers and acquisitions, or the rapid adoption of new technologies has made them more difficult to properly secure. In fact, 86% of UK respondents said that complexity in their organisation creates concerning levels of risk. 

This concern is primarily caused by a network of multi-vendor environments. 64% of UK respondents expect a jump in attacks on their cloud services over the next year. However, only 41% profess to have an understanding of cloud risks based on formal assessments. 

Similarly, 63% of respondents say their organisations expect a rise in breaches via their software supply chain, yet only 42% have formally assessed their enterprise’s exposure to this risk. 

Cyber security budgets set to rise

63% of UK organisations are increasing their cyber security budgets over the coming year.

This compares to 56% in last year’s PwC survey. Furthermore, 24% plan to increase their cyber security spend by 10% or more.