Mixed uptake of Proactive Cybersecurity

Friday, 2nd May 2025, by Phil Alsop

Trend Micro has published a study revealing that seven in ten UK organisations have experienced security incidents due to unknown or unmanaged IT assets as attack surfaces continue to expand with the rise of generative AI, remote working and use of IoT devices.

The research, which surveyed 100 UK cybersecurity leaders as part of the global study, finds that almost all (96%) of respondents point to employees’ use of third-party AI tools as an area of concern that’s widening attack surfaces.

Added to that, 38% believe that the proliferation of Shadow IT is creating blind spots, which are likely acting as “unknown” assets serving as the trigger for security incidents.

Misalignment on the impact of Shadow IT and AI

When asked about their approach to attack surface management, however, 82% of UK respondents say their current resources are adequate for addressing attack surface challenges and reducing business risk. On average, 29% of their cybersecurity budgets are allocated to attack surface management.

There is a clear disconnect between these confidence levels and the number of organisations experiencing breaches via unknown IT assets.

Gaps in attack surface visibility

On closer inspection, the data reveals that a misaligned view of attack surface management could also be due to how proactive teams are in discovering what the real risk is. Over a quarter (28%) admit their organisation is addressing cybersecurity issues on a reactive basis, and only 43% proactively leverage dedicated attack surface management tools.

Added to that, 52% of UK cybersecurity leaders only carry out periodic audits or third-party assessments to manage risk, with fewer than half (48%) regularly updating and patching software and systems.

Addressing cybersecurity issues on a reactive basis makes it inevitable that organisations will be on the back foot in the event of a compromise via unmanaged or unknown IT assets. Even for those who claim to be responding to issues proactively, a lack of auditing, regular updates and use of dedicated attack surface management tools amounts to blind spots that can still see these organisations caught by surprise.

Promising supply chain awareness

Elsewhere in attack surface management, the study found that 56% of UK cybersecurity leaders report regularly assessing and monitoring third-party vendors for security vulnerabilities and factoring security into vendor onboarding.

This indicates a growing recognition of the cyber risks lurking in supply chains, as highlighted in major cyber incidents over the past three years. Almost all (89%) surveyed are pen testing or conducting vulnerability assessments monthly, with 38% doing so weekly. This will further strengthen efforts to manage cyber risks posed by third parties and the role they play in attack surfaces.

Bharat Mistry, Field CTO at Trend Micro, said: “The enterprise AI genie is out of the bottle and IT security leaders need to get a grasp on the implications. Attack surfaces are expanding through both authorised and unauthorised uses of IT. A proactive strategy leveraging techniques that anticipate and limit cyber threats before they cause damage is the only answer. Our study shows real progress that’s being made in managing growth in attack surfaces via third-party suppliers, but also food for thought on where our industry can go further to establish truly proactive defences that tackle new AI-based threats as well as attack surface blind spots that act as an entry point for attackers.”
