There are many ways in which any company that is substantially digitised needs IT support. It may involve maintaining hardware, providing services like VOIP, or through the installation of new software and services like the use of the Cloud for storage.
Among the most important of the issues that must be addressed is cyber security. All the facilities and access to data in the world are of little use if hackers can steal sensitive information or denial of service attacks can prevent you from using your systems.
Moreover, in a world where cyber criminals are not just mischief makers and thieves but state-backed operators keen to cause economic and systemic disruption, the importance of security is growing.
For that reason, some recent survey data may make for curious reading. The S-RM Cyber Security Insights Report 2023 found that among firms responding to its survey, only 49 per cent said investment in technology was ‘high value for money’ in the financial year ending in 2023, compared with 58 per cent in 2022 and 59 per cent in 2021.
Commenting on the findings, Consultancy.uk observed that doubts are increasing because while the overwhelming majority of firms (97 per cent) are investing in AI technology designed to improve security through measures like real-time threat detection and automated risk and compliance, only 53 per cent think they can secure those tools.
The reasoning behind this is that the introduction of new tools may in itself bring new vulnerabilities into the landscape, which clever cyber criminals may be able to exploit.
From the perspective of the S-RM report, it is not hard to see why firms should be concerned. Even with significant investments in IT security, 63 per cent of survey respondents have reported a major cyber incident within the last three years, with the direct cost to firms of an incident rising by 11.7 per cent since 2022.
What should be understood, therefore, is that questions about value for money are not based on a general doubt about whether investment in IT security is a wise and necessary thing, but represent some pessimism about just how valuable it will be in an age when the cost impact of a cyber breach is increasing.
Indeed, the fact that security budgets rose three per cent may be taken as a signal; that cutting back on spending in this area is not on most firms’ agendas. This is a key point for companies to note when setting their budgets for 2024.
The fact remains that big attacks continue to hit organisations large and small across the UK and elsewhere. For instance, a recent attack on the British Library by hackers Rhysida saw over 600GB of data stolen in a ransomware attack.
As well as 490,000 individual files, the attack also saw the theft of personal data of many readers and visitors, who will now be contacted personally by the library. In the meantime, the library’s website remains down.
How the British Library will respond in terms of building up its future security remains to be seen, but it is likely they will certainly see the value of more investment in this area.