UK healthcare businesses have experienced 31 cyber incidents on average over the last 12 months, according to a new report out today.
Despite over two thirds (69%) of healthcare organisations spending more than £25,000 a year on cyber protection, it found that 31% of executives think their cyber security budget is inadequate to fully protect them from growing threats.
The data comes from iomart and Oxford Economics’ ‘State of cyber security in the UK 2023’ report, which surveyed 45 healthcare executives as part of a wider survey of 500 UK businesses.
It found 25% of healthcare sector businesses agree that budget constraints continue to be one of the biggest barriers for improved cyber security, while over half (56%) have seen an increased frequency of threats from ‘bad actors’ over the past two years.
Insurance costs rising
The rising cost of cyber insurance premiums is one of the biggest financial outlays, with 64% of healthcare businesses noting a rise over the last two years.
With the cost of remediation and other business expenses, such as energy, on the rise, researchers say stretched budgets are causing blind spots in companies’ cyber strategies.
Of the 500 businesses surveyed, only 37% of respondents have security embedded into all their business processes and functions, while 14% admitted that security is only addressed on an ad hoc or as-needed basis.
Meanwhile during the Covid-19 pandemic, 41% of organisations were forced to sacrifice cyber security to keep the lights on, including 35% of healthcare businesses.
Lack of skills
The report also found that a lack of key skills remains one of the main concerns to tackling rising cyber threats.
Under half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56%) and malware (55%).
Lucy Dimes, chief executive of iomart – a cloud computing and IT managed services business – said the report was a temperature check on the cyber challenges facing healthcare and other businesses.
She warned: ‘The abundance of personal data the healthcare sector holds, as well as the large number of devices – which can often be outdated – deployed across medical facilities make it a prime target for cybercriminals. And while it is clear that the threat of cybercrime is rising, there’s a lack of confidence in organisations’ abilities to protect themselves against it.
‘There are many factors at play that are influencing this, from rising energy costs and increased insurance premiums to skills shortages and staff burnout, which are causing huge challenges for businesses.’
Despite these challenges, the healthcare sector is optimistic about the role of nascent technologies such as artificial intelligence (AI) and machine learning (ML).
Over a quarter (29%) believe the use of AI and ML will be a major trend in cyber security over the next two years, particularly to support with email screening (67%) and contextual analysis (60%).
The ‘State of cyber security in the UK 2023’ report surveyed 500 executives from a range of industries — most with more than 1,000 employees — all based in the UK.
See the full report online here: Security’s Lament: The state of cyber security in the UK