Large businesses floundering to tackle cyber threats

Large businesses find it significantly more difficult to manage their cyber security than their smaller counterparts, new research from IDEE has revealed. The cyber security firm commissioned an independent survey of more than 500 IT and cyber security professionals within UK businesses. It found that 74% of respondents from large businesses (more than 500 employees) believe it has become far more challenging to defend against cyber attacks since the Covid-induced rise of remote and hybrid working – only 50% of respondents from small businesses (less than 50 employees) said the same thing.

Just 36% of small businesses said that a lack of skills and knowledge is a major cyber security challenge. In comparison, this figure rose to 68% among large businesses. Meanwhile, 54% of large businesses said they need to simplify their cyber security solutions so that staff can properly engage with them, but this figure drops to 36% among small businesses. Further, while 74% of large businesses said human error is the greatest threat to their cyber security, only 41% of small businesses agreed with that same statement.

However, while evidently struggling more to protect their IT systems, large businesses were found to be far more aware of the risks they are facing and the implications of them. For instance, 92% of respondents from large businesses said they understand the financial costs that are associated with a cyber breach, compared to 73% of respondents from small businesses. The survey also found that 32% of respondents from small businesses are unaware of the reputational cost of a cyber attack, but only half as many (16%) respondents from large organisations were similarly unaware.

Al Lakhani, CEO of IDEE, said: “The lyrics ‘mo money, mo problems’ spring to mind when looking through these statistics. On the one hand, cyber security professionals in large businesses clearly have a better grasp on the cyber threats they face and the damage that can be done, but they still struggle much, much more to defend against them.

“More employees, more systems, larger supply chains, reliance on legacy IT – there are numerous reasons why cyber security becomes more challenging the bigger a business gets. But recent headlines of breaches involving the Bank of America breach underline that enterprises are also a victim of their own outdated, backward approach to cyber security.

“Account takeover is only possible in three ways – credentials compromise, vulnerabilities, and backdoors. Shockingly, more than 80% of attacks occur due to credentials compromise. But too many blue chips still rely on detection methods that have consistently fallen short in foiling account takeover attacks, rather than embracing preventative solutions. So, I hope that now marks the turning point in eliminating credentials-based attacks and that, as an industry, we turn to a digitally secure future built on transitive trust and identity proofing.”