Report reveals UK professional services organisations are subject to multiple cyberattacks every week

Professional service organisations encompass key industries that are bearing the brunt of cybercrime, according to research by Keeper Security.

The 2022 professional services Cybersecurity Census Report reveals that a high number of incidents of cybercrime have been directed at these organisations, with IT leaders citing an average of 161 cyberattacks over the last 12 months, resulting in both financial and reputational damage.

Almost all (93%) of those surveyed believe the severity of cyberattacks will increase over the next year and that the time taken to detect a cyberattack is increasing. Nearly eight out of 10 (77%) professional services leaders say they need more time when attacks occur, reporting that the time taken to identify and respond to a cyberattack has increased in the past 12 months. An evidently belated response could be compounded by technical deficiencies or internal shortcomings.

Cybersecurity investments to mitigate risk

The study also unearthed a discrepancy between awareness of cybersecurity and the investment from leaders in the skills and technologies needed to improve their cyberdefences. A low number (20%) of respondents did not have a secrets manager to help manage IT secrets such as API keys, database passwords and credentials, and 15% did not have a connections manager to help manage remote access to privileged infrastructures.

If awareness of the skills and technology shortage impacting cybersecurity can be acted on with the investment in the right tools and tech stack, then the professional services industry will be more resilient. However, if this investment is curtailed and compounded by poor internal security training, then the severity and frequency of cyberattacks found in the report will continue to impact businesses.

The harmful impact of cyberattacks on organisations

Nearly a third (31%) of professional services organisations surveyed as part of the study have experienced financial theft, with 42% having between £100,000 and £999,999 stolen.

But financial damage is only one implication of a cyberattack. Reputational damage, compromised supply chains and loss of stakeholder confidence can have enduring effects. According to the study, nearly half (47%) of professional services firms have experienced reputational damage as a result of a successful cyberattack, with 46% suffering from disruption of partner/customer operations. Notably, 39% experienced loss of a business contract, underscoring the knock-on effects of cybercrime.

Preparing for the future

Against the backdrop of rising cybercrime, investment in cybersecurity will be key to safeguarding businesses’ infrastructure. Among the surveyed professional services leaders, the study found an appreciation of the growing threat of cyberattacks; however, there were differing perceptions of the investment needed and implementation necessary to reinforce their cyberdefences.

Rising external threats were ranked as the top cybersecurity concern among 50% of the professional services respondents, with just 3% saying cybersecurity was not important to the C-suite at their organisation.

Fewer than half (40%) cited the need to address skills gaps within their staff, and more than a third (37%) noted the weak link in an organisation’s cyberdefence presented by contractors, interns and unsophisticated users who inadvertently expose the organisation to risk.
