UK sectors investing the most and least in cyber security in 2018-19

Cyber Security in 2019

In today’s digitally driven economy, IT security has become a central issue for organisations of all sizes. Understandably so, given how a cyber-attack/breach can compromise critical business functions within seconds and leave reputation as well as finances in turmoil.

The frequency and severity of these attacks are illustrated by statistics from Hiscox. The insurance provider found that 55% of UK firms have already faced a cyber-attack this year (2019), and losses from breaches have amounted to an astonishing £176,000 on average.

Cyber Security Investment 2018-19: The Research

Specops Software analysed the latest findings from Gov.uk to see how much 1,091 UK firms from a range of sectors have invested in cyber security during 2018-19 (April 2018 – March 2019).

Additionally, 2018-19 cyber security investment figures were compared to 2017-18 (April 2017 – March 2018), to see if year-on-year cyber security investment had increased or decreased for each of the reviewed sectors.

Cyber Security Investment 2018-19: The Findings

Specops Software found that finance and insurance firms have invested the most in cyber security, at a significant £22,050. This represents an increase of 23% from the previous year (2017-18), when finance and insurance companies were spending £17,900 on average.

Firms in health/social care/social work invested the second-highest amount in cyber security, at £16,800. Of the sectors considered, this marked the biggest rise (an astronomical 506%) in cyber security spending compared to the year before (2017-18), when the average outlay was only £2,770.

In contrast, businesses in the food and hospitality industry invested the least, at an average of just £1,080. Despite the low sum, it was still an increase of 20% from 2017-18, when firms within the sector were spending £900 on average.

Specops Software’s four top tips for effectively maintaining high cyber security standards

Review IT Estate

Carry out a regular assessment of IT systems to identify any vulnerabilities that may be targeted and exposed by opportunistic cyber-criminals.

Education and Governance

Create a formal document which establishes the firm’s best practices and policies on cyber security. Within this, give employees clear guidance on what they can and cannot do on the company’s IT devices/systems/networks.

Safeguard and Protect

Keep anti-virus software up to date, apply the latest security patches and enforce password changes when compromise is suspected.

Sharing Intelligence

If your organisation becomes aware of any serious cyber threats that may affect not only the business directly but also competitors, then it would be wise to share this ‘intelligence’ among peers/industry groups. By doing so, you not only create a network of valuable information exchange but also help protect one another from crippling cyber-attacks/breaches.

(Last updated on September 27, 2024)
