Budgets and Awareness Up, Impersonation Attacks Still Prominent

Human error identified as 'significant vulnerability.'


More large businesses have a board member taking responsibility for cybersecurity and are increasing budgets.

According to the fourth cybersecurity longitudinal survey, 61 percent of businesses and 51 percent of charities stated they had a board member responsible for cybersecurity - a rise from 55 and 45 percent respectively last year.

Additionally, businesses stated that board members were more likely to be trained in cybersecurity compared to last year, with 21 percent of businesses stating their board members received training several times a year.

Budgets and Spending

Asked to describe their cyber budgets, characteristics of their budgets and attitudes towards their budgets, medium-sized businesses were more likely to state their cybersecurity budget has stayed the same in the last 12 months compared to larger businesses (38 percent vs 27 percent). More large businesses reported either sizeably or somewhat increasing their cybersecurity budget compared to medium businesses (44 percent vs 34 percent).

The survey also found that businesses that discussed cybersecurity with the board regularly (monthly or more often) were more likely to be influenced by external IT or security consultants than those that only discuss cybersecurity every time there is an attack.

Human Error

Human error was also identified as a significant vulnerability in preventing cybersecurity incidents, despite widespread efforts to improve cyber skills among staff.

Phishing attacks, in particular, were highlighted as a recurring challenge, with several participants recounting instances where staff interaction with malicious emails led to cyber security breaches. Also, even when staff possessed the necessary knowledge and skills to mitigate cybersecurity risks, findings suggested that motivation and practical application could be significant barriers.

Consequently, the introduction of new security measures, such as two-factor authentication, was often met with resistance and perceived as disruptive to established workflows. 

Also, while phishing has consistently remained the most experienced cybersecurity incident annually, organisations have reported a higher incidence of email impersonation scams than last year - for businesses up from 43 percent to 56 percent, and from 38 percent to 46 percent for charities.



SC UK covered the various findings of the 2024 survey in these articles.

Dan Raywood, Senior Editor, SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
