Cyber Mesh Framework

Cyber Threats Outpacing Cyber Security Budgets for UK CNI Operators

Published 31 October 2022

Cyber leaders say it has become harder to detect and respond to threats despite, 7 in 10 increasing cyber budgets 

Reading, UK – 28 June 2022 – Cyber attacks against the UK’s critical national infrastructure (CNI) are significantly outpacing current security budgets, according to new research from UK cyber security services firm, Bridewell.  

The research, which surveyed UK cyber security decision-makers in the communications, utilities, finance, government and transport and aviation sectors, reveals 70% have increased cyber security budgets over the past 12 months. Yet, despite rising investment in cyber security, 69% say it has become harder to detect and respond to threats, 62% say it takes their organisation too long to detect and respond to threats, and 60% admit to still struggling to understand how and why a breach occurred. 

On average, UK CNI operators are now spending 39% of their IT budget on cyber security, with investment predicted to rise by a further 23% in the year ahead. However, the fact that many organisations are still struggling with the volume, sophistication and detection of cyber threats suggests cyber security investment is not being spent wisely. 

Martin Riley, Director of Managed Security Services at Bridewell, comments: “It’s encouraging to see that cyber security budgets are rising, however, without a strategic approach to cyber security transformation and investment, CNI operators risk wasting budget on tools and technology that fail to deliver the visibility and results needed. Operators must re-evaluate how they allocate and use their security budget, so that escalating cyber threats can be tackled with much more robust, proactive, and holistic cyber security approaches, such as threat intelligence and detection and response.” 

Currently, only a quarter say they have a managed detection and response (MDR) solution in place and even less (20%) have implemented extended detection and response (XDR) to enable detection and response capabilities across network, web and email, cloud, endpoint and most crucially, identity.  

Similarly, only a fifth say they have implemented threat hunting and cyber intelligence processes. 

Poor cyber security investment choices could also be causing problems with visibility.  Seven in 10 CNI cyber leaders say they don’t have sufficient visibility across the IT/OT boundary and 64% do not have sufficient visibility over all end user, networks, and systems.  

Problems could also be a result of over investment in security tools with 62% saying the number of security tools within their organisation is unmanageable. On average CNI security teams are now managing 33 security tools, with 35% admitting to managing over 40 tools. Not only does too many tools stretch security teams too thinly across disparate and poorly developed solutions, but it increases the complexity of monitoring, managing, operating, and optimising a technology stack. 

To learn more, download the full report ‘Cyber Security in UK Critical National Infrastructure 2022: Part 2’.