phishing emails
Understaffed IT departments face pressures to address cyber security concerns Pixabay

Daily increases in cybersecurity threats now mean that the standard "business as usual" approach puts firms at risk. According to Steve Hollingsworth, Director at Covenco, a data management and IT Infrastructure firm, and Gurdip Sohal, Sales Director at Covenco, "cyber security threats continue to increase, creating new risks that cannot be ignored."

UK businesses which fail to keep their data safe face fines from the Information Commissioners Office. For example, the construction company Interserve was fined £4,400,000 for failing to secure staff data. Due to insufficient cyber security measures, hackers accessed the data of 113,000 employees through a phishing email. Therefore, there is a clear need for businesses to ensure they meet regulatory expectations on cyber security.

According to IBM's Cost of a Data Breach Report, "for 83 per cent of companies, it's not if a data breach will happen, but when." Furthermore, the Cyber Security Breaches Survey 2022, shows that 39 per cent of UK businesses experienced a cyber attack in the previous 12 months. For medium and large businesses, the average cost of a cyber attack was £19,400.

Cybersecurity pressures burden IT departments alongside demands for greater sustainability. Business leaders face the costs of higher investment to meet Environmental, Social and Governance (ESG) goals. IT departments also face pressures to facilitate home working patterns. Hollingsworth and Sohal question how IT operations can meet these varying demands when "skills and resources are so thin on the ground."

Staff Shortages

Whilst the need for greater cyber security is paramount, "IT teams are being pulled from pillar to post simply to maintain essential services." IBM's report explains how 62 per cent of businesses said their security team was understaffed, with "sufficiently staffed" firms paying less for security breaches.

Hollingsworth and Sohal explain how "faster is always better" when detecting, responding to and recovering from threats. This begs the question of whether overstretched IT teams are sufficiently staffed to minimise the losses caused by breaches. According to research by ManpowerGroup, amidst the wider skills shortage crisis, currently, the most sought-after staff are in IT and Data.

Crucially, Hollingsworth and Sohal argue that an IT partner with "dedicated technical expertise" who assesses "the latest technologies and solutions" is a key asset for IT operations teams seeking to ensure cyber security. These partners can operate without the BAU distractions that burden overstretched IT teams.

China's Role

UK and US concerns lie in the CCP's interest in cutting-edge technologies developed by Western businesses Reuters/Edgar Su

The role of the Chinese government in orchestrating cyber attacks is of concern to national authorities. According to Dario Betti, CEO of Mobile Ecosystem Forum, "China, in particular, has been portrayed as a huge threat to the global West ─ a threat that needs defending against at all costs."

Betti explains how growing cyber security concerns reflect a change in the nature of international relations: "in the bigger geopolitics picture, cyber security is really about cyber politics and cyber economics... Over the next decade, we will see cyber concerns change the global political and economic status quo." Because China "dominate both economically and technologically... the Western world is seeking greater protection of its economy and technology."

For example, in July 2022 the directors of the FBI and MI5 made a joint statement warning of the threat posed by China. Crucially, concerns lie over China's interest in cutting-edge technologies developed by businesses in the West. Cyber attacks are one way that the Chinese government (the CCP) are "working to extract UK advantage." In their words, "If you are involved in cutting-edge tech, AI, advanced research or product development, the chances are your know-how is of material interest to the CCP."

Concerns over China are not limited to the UK and the US. Betti explains how "multiple government and legislative bodies have banned Tik Tok usage by its employees based on fears of profiling and tracing technologies." For example, the European Commission has banned TikTok on its staff phones because of concerns that the Chinese government are "harvesting" data from the app.

Furthermore, Betti explains how there are worries over "Internet of Things (IoT) devices... being used as trojan horses for attacks." For example, he explains how "if every washing machine in the UK switched on simultaneously, for example, it could overload the National Grid while also causing a temporary water shortage."