The company’s 2021 Cybersecurity Census Report has also revealed that almost half (48 per cent) of IT decision makers working at professional services companies have kept a cybersecurity attack on their organisation to themselves, raising questions about how badly affected businesses really are by these attacks.
Professional services companies in the UK have experienced 62 cyberattacks in the last 12 months – or one every six days, according to new research by Keeper Security.
Professional service organisations, including law, accountancy and consultancy firms, are increasingly becoming a lucrative target for cyber criminals as the rewards for managing to breach such organisations are vast, given the amount of sensitive data available. It therefore comes as no surprise that IT is now the top investment priority (47 per cent) for business leaders in the professional services sector. Nearly all (95 per cent) of these organisations know where the gaps in their cybersecurity defences are but many are clearly struggling to fully address them.
Cybersecurity education and a lack of skills throughout the organisation are proving to be significant issues at professional services businesses wanting to bolster their cyberdefences. 65 per cent of IT leaders agree that there is a cybersecurity skills shortage within their organisation and over half (59 per cent) for example believe that employees don’t understand the cybersecurity implications of poor password hygiene.
“The days of random cyberattacks are long gone and hackers are identifying new industries to exploit. So it comes as no surprise that accountants, law firms and other professional services organisations are now in the cross hairs of cyber attackers,” explains Keeper Security CEO and co-founder, Darren Guccione. “Clear IT policies and powerful solutions that include a zero-trust and zero-knowledge approach to cybersecurity are essential for professional services companies in the UK wanting to close the gap between where they currently are on their cybersecurity journey and where they want and need to be to adequately protect themselves against these attacks.”
Almost three-quarters (74 per cent) of IT leaders from the professional services sector who participated in the cybersecurity census would also like to see cybersecurity become a board-level issue with the introduction of a dedicated cybersecurity specialist on the board to monitor the state of a business’ cybersecurity defences.
A large majority (85 per cent) also believe more external oversight and accountability, an independent body for cybersecurity modelled on UK telecom regulator, Ofcom, would be an effective way to reduce cyberattacks in the UK. Almost all (93 per cent) are also calling for legislative change that requires businesses to have basic cybersecurity protection in place before being allowed to operate.