Large businesses floundering to tackle cyber threats

New research conducted by IDEE has uncovered that managing cyber security poses a greater challenge for large businesses compared to their smaller counterparts.

The cyber security company carried out an independent survey involving over 500 IT and cyber security professionals across UK businesses. Results showed that 74% of participants from large businesses (with more than 500 employees) found defending against cyber attacks increasingly difficult following the rise of remote and hybrid working due to Covid-19, compared to only 50% from small businesses (with less than 50 employees) expressing the same concern.

The survey highlighted a significant disparity in perceived cyber security challenges related to skills and knowledge: only 36% of small businesses viewed this as a major issue, whereas the figure jumped to 68% for large businesses. Furthermore, 54% of respondents from large companies indicated the need to simplify their cyber security solutions to enable proper staff engagement, a sentiment that was less common among small businesses, at 36%. Additionally, 74% of large businesses identified human error as the biggest threat to their cyber security, in contrast to 41% of small businesses agreeing with this assessment.

Despite facing more obstacles in securing their IT systems, large businesses showed a higher level of awareness regarding the risks and consequences of cyber breaches. A notable 92% of large business respondents were aware of the financial implications of a cyber breach, compared to 73% from small businesses. Moreover, the survey revealed that 32% of small business respondents were not aware of the reputational costs associated with a cyber attack, whereas only 16% of respondents from large organisations shared this lack of awareness.

Al Lakhani, CEO of IDEE, said: “The lyrics ‘mo money, mo problems’ spring to mind when looking through these statistics. On the one hand, cyber security professionals in large businesses clearly have a better grasp on the cyber threats they face and the damage that can be done, but they still struggle much, much more to defend against them.

“More employees, more systems, larger supply chains, reliance on legacy IT – there are numerous reasons why cyber security becomes more challenging the bigger a business gets. But recent headlines of breaches involving the Bank of America breach underline that enterprises are also a victim of their own outdated, backward approach to cyber security.

“Account takeover is only possible in three ways - credentials compromise, vulnerabilities, and backdoors. Shockingly, more than 80% of attacks occur due to credentials compromise. But too many blue chips still rely on detection methods that have consistently fallen short in foiling account takeover attacks, rather than embracing preventative solutions. So, I hope that now marks the turning point in eliminating credentials-based attacks and that, as an industry, we turn to a digitally secure future built on transitive trust and identity proofing.”