UK professional services organisations are subject to multiple cyberattacks every week

UK professional services organisations are subject to more than three cyberattacks every week, with 60% expecting the total number of successful attacks to increase over the next year.

  • Tuesday, 22nd November 2022 Posted 2 years ago in by Phil Alsop

Professional service organisations encompass key industries that are bearing the brunt of cybercrime, according to new research by Keeper Security. The 2022 Professional Services Cybersecurity Census Report reveals that a high number of incidents of cybercrime have been directed at these organisations, with IT Leaders citing an average of 161 cyberattacks over the last 12 months, resulting in both financial and reputational damage. 

 

Almost all (93%) of those surveyed believe the severity of cyberattacks will increase over the next year and that the time taken to detect a cyberattack is increasing. Nearly eight out of 10 (77%) professional services leaders say they need more time when attacks occur, reporting that the time taken to identify and respond to a cyberattack has increased in the past 12 months. An evidently belated response could be compounded by technical deficiencies or internal shortcomings.    

 

Cybersecurity Investments to Mitigate Risk

 

The study also unearthed a discrepancy between awareness of cybersecurity and the investment from leaders in the skills and technologies needed to improve their cyber defences. Twenty percent of respondents did not have a secrets manager to help manage IT secrets such as API keys, database passwords and credentials, and 15% did not have a connections manager to help manage remote access to privileged infrastructures. 

 

If awareness of the skills and technology shortage impacting cybersecurity can be acted on with the investment in the right tools and tech stack, then the professional services industry will be more resilient. However, if this investment is curtailed and compounded by poor internal security training, then the severity and frequency of cyberattacks found in the report will continue to impact businesses. 

 

The Harmful Impact of Cyberattacks on Organisations

 

Nearly a third (31%) of professional services organisations surveyed as part of the study have experienced financial theft, with 42% having between £100,000 and £999,999 stolen. 

 

But financial damage is only one implication of a cyberattack. Reputational damage, compromised supply chains and loss of stakeholder confidence can have enduring effects.  According to the study, nearly half (47%) of professional services firms have experienced reputational damage as a result of a successful cyberattack, with 46% suffering from disruption of partner/customer operations. Notably, 39% experienced loss of a business contract, underscoring the knock-on effects of cybercrime. 

 

Preparing for the future

 

Against the backdrop of rising cybercrime, investment in cybersecurity will be key to safeguarding businesses’ infrastructure. Amongst the surveyed professional services leaders, the study found an appreciation of the growing threat of cyberattacks, however there were differing perceptions of the investment needed and implementation necessary to reinforce their cyber defences.  

 

Rising external threats was ranked as the top cybersecurity concern among 50% of the professional services respondents, with just 3% saying cybersecurity was not important to the C-suite at their organisation. 

 

40% cited the need to address skills gaps within their staff and more than a third (37%) noted the weak link presented to an organisation’s cyber defence through contractors, interns and unsophisticated users inadvertently exposing an organisation to risk.   

 

Darren Guccione, Keeper Co-founder and CEO commented: “Although the professional services community knows that cybersecurity threats will continue to grow and their preparedness shows positive signs, we do not know how resilient they will be in the face of future challenges. The increased amount of time it takes for professional services IT teams to address a cyberattack and the widening scope of damage from a data breach emphasise the need to stay ahead of evolving threats through employee training, adopting the right technologies and implementing best practices.”