Recent cyber attacks on º£½ÇÊÓƵ retail heavyweights, including M&S, Harrods and Co-op, have highlighted increasing concerns about the level of cybersecurity readiness among British businesses.
Cisco's latest Index, published Wednesday, reveals that a mere four per cent of º£½ÇÊÓƵ firms are fully equipped to defend against today's sophisticated cyber threats, as reported by .
The report also found that a staggering 83 per cent of º£½ÇÊÓƵ organisations are struggling with a lack of skilled cybersecurity professionals, leaving many crucial security roles vacant as threat levels rise.
"The bad guys are there looking for ways in – and far too many organisations are sitting ducks", Martin Lee, EMEA lead at Cisco Talos, told City AM.
"They have tools, they have a business model, they know how to make money."
A 2024 report from the º£½ÇÊÓƵ's National Cyber Security Centre (NCSC) also cautioned that ransomware groups are adopting more aggressive extortion tactics and increasingly focusing their attacks around AI.
The recent wave of incidents at M&S, Co-op, and Harrods is indicative of a wider increase in attacks on º£½ÇÊÓƵ retail, logistics, and financial firms, with reports of phishing, ransomware, and supply chain compromise becoming increasingly prevalent.
Earlier this year, Pwc highlighted a growing divide between firms proactively investing in cybersecurity and those failing to do so, warning that reactive postures are no longer sustainable in the AI era.
AI outpaces cybersecurity oversight
The report reveals that while 92% of º£½ÇÊÓƵ organisations utilise AI to detect or respond to malware, over 78% have encountered security incidents related to AI in the past year. However, 65% of IT teams reported having little to no insight into employees' use of unauthorised AI tools, leading to concerns about 'shadow AI.'
"People love shiny new tech, and move faster than policy", Lee commented. "We're seeing employees putting confidential company data into AI systems without understanding where the data goes."
Gartner's recent findings corroborate this trend, indicating that over 40% of employees in large enterprises use GenAI tools daily, often without formal guidance or oversight. Lee cautioned that although AI can enhance security monitoring and hasten threat detection, it still necessitates professional supervision for its implementation.
"AI is a force multiplier", he stated, "but people need to scope, implement, and manage it."
Skill shortage hinders response
The issue is further exacerbated by a skills shortage, with nearly half of º£½ÇÊÓƵ firms surveyed having more than ten vacant cybersecurity roles.
Furthermore, only 45% are dedicating more than 10% of their IT budgets to cyber defence, a decrease from 54% last year. "We've never had enough cyber professionals- and we never will," Lee concluded.
"So, let's get AI doing the simple stuff, and use our people for the things machines can't do – like responding to complex incidents and making strategic decisions."
The report also highlighted the increasing challenges posed by security complexity, with over two-thirds of businesses using more than 10 separate security tools.
Such fragmentation can slow down response times and heighten the risk of overlooking threats.
Lee recommended that companies concentrate on bolstering their core defences.
"The biggest advice I can give to businesses is to get the basics right," he stated.
"Cyber criminals are looking for the easiest route in – and if you're better prepared, they'll move on to someone else."
The issue extends beyond the º£½ÇÊÓƵ's borders. "Cybersecurity is a global issue," Lee remarked.
Threats do not adhere to national boundaries.
