In the past year, 98 percent of UK businesses suffered a security incident, a new report from Barracuda Networks shows
The cyber risks facing UK businesses are clearly illustrated in a new report from cloud security solutions provider Barracuda Networks.
The Barracuda Report, entitled ‘The state of industrial security in 2022’, surveyed 800 senior IT managers, senior IT security managers and project managers responsible for industrial Internet of Things (IIoT)/operational technology (OT) in their organization.
The survey found that a significant 98 percent of UK organizations have experienced some form of security incident in the past 12 months.
The Barracuda data also showed that web application attacks were the most common security incident for UK organizations.
In fact, 45 percent of organizations have apparently encountered at least one in the past 12 months.
In addition, 29 per cent of UK companies suffered from malicious external hardware or removable media, 36 per cent suffered a DDoS attack, 31 per cent had been hacked remotely and 29 per cent suffered from a compromised supply chain.
And these attacks are taking their toll.
Nearly one in 10 (9 percent) of UK companies said the worst security incident they experienced in the past 12 months had a ‘significant’ impact on their organization, leading to a complete shutdown of all devices or locations.
In addition, 39 percent said their worst incident had a moderate impact, affecting a large number of devices or multiple locations, and 50 percent said a minimal impact was observed, affecting a few devices or just one location.
Only two percent said no impact was experienced at all.
Downtime for attacks
Downtime for these security incidents ranged from less than a day to up to four days in the UK. The majority of organizations (42 percent) said their top security incident impacted operations for two days.
As a result, 99 percent of all UK IT leaders are at least to some degree ‘concerned’ about the current threat landscape and geopolitical situation, in terms of the impact it could have on their organisation.
“In today’s threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately, IIoT/OT security projects often lag behind or fail other security initiatives due to cost or complexity, leaving organizations at risk,” said Tim Jefferson, SVP . , data, network and application security engineering at Barracuda.
“Issues such as the lack of network segmentation and the number of organizations not requiring multifactor authentication expose networks to attacks and require immediate attention,” said Jefferson.