Four-in-five organisations deprioritised cybersecurity in 2021 - research

Research by CyberArk shows one in five organisations deprioritised security investment in 2021

Organisations have taken a step back with cybersecurity in favour of accelerating other digital business initiatives, new data shows.

Research by identity security and access management company CyberArk shows one in five organisations deprioritised security investment in 2021.

This is despite over 70 per cent having experienced at least one ransomware attack in the last 12-months.

The statistics were published in CyberArk's latest report, which identifies how the rise of human and machine identities - often running into the hundreds of thousands per organisation - has driven a buildup of identity-related cybersecurity "debt".

It's figures reveal that 79 per cent of senior security professionals agreed their organisations prioritised maintaining business operations over ensuring robust cyber security in the last 12 months.

And less than half (48 per cent) have identity security controls in place for their business-critical applications.

It also found 62 per cent have done nothing to secure their software supply chain post the SolarWinds attack while 64 per cent admitted a compromise of a software supplier would mean an attack on their organisation could not be stopped.

Udi Mokady, founder, chairman and CEO of CyberArk, said: "The past few years have seen spending on digital transformation projects skyrocket to meet the demands of changed customer and workforce requirements.

"The combination of an expanding attack surface, rising numbers of identities, and behind-the-curve investment in cybersecurity - what we call Cybersecurity Debt - is exposing organisations to even greater risk, which is already elevated by ransomware threats and vulnerabilities across the software supply chain.

"This threat environment requires a security-first approach to protecting identities, one capable of outpacing attacker innovation."

Rich Turner, SVP EMEA at CyberArk, added: "Turbulent recent times have meant UK organisations have had to quickly rethink and adapt to changing market conditions. Primarily, this meant an acceleration in their digital strategies as they sought to increase agility and underpin competitiveness.

"The pivot to digital though, with the associated creation of huge numbers of human and machine identities, has not been matched by investments in the cybersecurity tools and programmes to secure these identities, the majority of which have access to sensitive assets and data within the organisation.

"This has created an identity-centric attack surface that is ripe for exploitation, added to the risks from ransomware and software supply chain attacks that firms in the UK are also having to deal with; paying down this cybersecurity debt with a security-first approach to protecting identities should be a priority for 2022."