UK firms say 90 percent of cyberattacks are avoidable

Despite many businesses citing cybersecurity as a top priority, senior leaders are more likely to invest in it only after suffering a damaging attack

Posted 22 June 2022 by Christine Horton

Nine out of 10 business leaders whose organisations have experienced a cyber breach say most cyberattacks were avoidable.

A survey by Tanium entitled Cybersecurity: Prevention Is Better than the Cure also shows that despite this awareness, IT teams neglect to implement preventative cybersecurity measures for reasons such as a shortage of technical skills and budget-allocation delays from boards of directors. 

“Many organisations focus too much on cybersecurity point solutions like antivirus, rather than adopting a holistic, data-driven approach to prevention,” said Oliver Cronk, chief architect, EMEA, Tanium.

“As our research shows, many damaging security incidents – even those resulting from more sophisticated attack vectors – could have been prevented. In fact, more than half of the breaches we see could have been avoided by maintaining baseline cyber-hygiene standards. The current situation is the equivalent of leaving your front door and windows open and only locking them after a burglary has taken place.” 

C-suite investment only after an attack

Ninety-two percent of organisations surveyed have experienced a breach at some point in the past, 82 percent within the last 24 months, and 73 percent in the last 12 months.  

Eighty-six percent of organisations compromised by a breach in the last six months believed that more investment in preventative measures such as tools or staff training, would have minimised incidents. 

Eight out of 10 percent of C-suite decision makers believe the risk of cyber threats is increasing and expect 2022 to be the worst year yet in terms of the number of attacks. 

For IT decision makers that experienced a cyberattack in the last six months, 86 percent feel that senior leadership is likely to invest in cybersecurity only after suffering an attack; 75 percent state that “some cybersecurity incidents needed to happen” in order to get increased investment from leadership.  

Loss of productivity resulting from downtime is cited as the most damaging impact of a cyberattack (56 percent of all respondents).