Absolute Security Survey Reveals UK CISOs Ignore NCSC Guidance

Over one-third (35 per cent) of Chief Information Security Officers (CISOs) admit to ignoring the National Cyber Security Centre's (NCSC's) cybersecurity guidance. This finding and others were revealed in a new survey and report from Absolute Security, a global leader in enterprise cyber resilience.

This finding was despite 48 per cent of respondents revealing that their organisation was hit by a ransomware attack over the past year. The NCSC has issued regular guidance warning of increased ransomware threats over that time frame as well as procedures for incident response.

These findings and more were uncovered in the Absolute Security United Kingdom Cyber Resilience Report 2024, providing a look at the state of cyber resilience, security, and AI across the UK. To compile the results, Absolute surveyed 250 UK CISOs at enterprise organisations, via independent polling agency Censuswide.

Additionally, two-thirds (64 per cent) feel that the UK has a poor cyber resilience strategy, failing to define clear response policies to recover from cyber breaches, while 77 per cent believe the UK is falling behind the US and EU when it comes to national cyber policies. This may offer a possible explanation for CISOs ignoring NCSC guidance.

"Ransomware and state-sponsored attacks are increasingly on the rise, both of which are a case of when, not if. Now, more than ever, organisations need a robust cyber resilience strategy in place to respond and recover from attacks when they happen," said Andy Ward, VP International for Absolute Security. "While no set of standards or frameworks will eliminate the certainty of an eventual incident, NCSC guidance is there to help protect CISOs, who shouldn't just ignore nationwide protocols. Disregarding NCSC advice puts organisations at much greater risk. It jeopardises jobs, causes significant financial and reputation damage, and potentially even heaps personal liability on security leaders."

Responding to the findings, Absolute customer Bharat Thakrar, CISO/CTO of CyberBTX, commented: "The fact that 35 per cent of CISOs ignore NCSC guidance is alarming. Ignoring these guidelines not only undermines organisational security, but also exposes their sensitive data to significant risks. Adhering to these standards is crucial for robust cyber security."

Mobile and Remote Threats Persist

Cyberattacks have more than doubled since the start of the Covid-19 pandemic, according to the IMF, with 72 per cent of CISOs stating that remote working has complicated their organisation's cyber resilience posture.

In total, 73 per cent believe that remote working devices are the biggest weakness for their organisation, as these devices often operate weeks or even months behind most enterprise patching policies.

These devices also grapple with essential security tool failures. When unsupported by remediation capabilities, Endpoint Protection Platforms (EPP) and network access security applications fail to operate effectively 24 per cent of the time, opening high-risk security gaps. All these findings are supported in the recent Absolute Security Cyber Resilience Risk Index 2024.

"The increased attack surface facing organisations due to remote devices presents a difficult challenge for CISOs as they ward off the rising number of cyber threats. Implementing an approach of cyber resilience can significantly bolster cyber defences through increasing visibility for CISOs and their security teams."

"Adopting technology that can continuously monitor remote devices, applications and networks can alert centralised security teams to suspicious behaviour, giving them the ability to freeze or shut off potentially compromised devices to prevent threat actors from moving laterally across a network and causing major damage. These devices can then be repaired to patch up weak security controls and mitigate future cyber risks," added Ward.

To learn more and read the full report, visit the Absolute Security blog: Survey Says UK CISO's Top Threats are Ransomware and Mobile Work

To learn more about how Absolute Security addresses identified threats and CISO concerns, visit stand F-149 at Infosec Europe 2024.

About Absolute Security

Absolute Security is partnered with more than 28 of the world's leading endpoint device manufacturers, embedded in the firmware of 600 million devices, trusted by 21,000 global enterprises, and licensed across 14 million PC users. With the Absolute Security Cyber Resilience Platform integrated into their digital enterprise, customers ensure their mobile and hybrid workforces connect securely and seamlessly from anywhere in the world and that business operations recover quickly following cyber disruptions and attacks. Our award-winning capabilities have earned recognition and leadership status across multiple technology categories, including Zero Trust Network Access (ZTNA), Endpoint Security, Security Services Edge (SSE), Firmware-Embedded Persistence, Automated Security Control Assessment (ASCA), and Zero Trust Platforms. To learn more, visit www.absolute.com and follow us on LinkedIn, X, Facebook, and YouTube.

ABSOLUTE SECURITY, ABSOLUTE, the ABSOLUTE LOGO, AND NETMOTION are registered trademarks of Absolute Software Corporation ©2024, or its subsidiaries. All Rights Reserved. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols tm and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.