70% of UK Critical National Infrastructure (CNI) organisations have increased their cyber security budgets over the last 12 months, according to research Bridewell commissioned among 521 cyber security decision makers. As a result, CNI organisations are now spending 39% of their IT budget on cyber security, and many predict that this will increase by a further 23% in the coming year ahead.
However, while investment is increasing, many are still struggling with the volume and sophistication of cyber threats. Often, they find themselves lacking the capabilities to detect and respond to threats or generate meaningful insight into why incidents are taking place. These capabilities are a fundamental part of an organisation’s cyber maturity, and shortfalls in these areas should inform how they direct their cyber security investment.
How capable organisations across CNI are in these areas is discussed in Part 2 of our research-report: Cyber Security in Critical National Infrastructure Organisations: 2022 (Part 2). Specifically, the research found that:
- 69% of CNI organisations say it has become harder to detect and respond to threats.
- 64% do not have sufficient visibility over all end user, networks, and systems.
- 62% say it takes their organisation too long to detect and respond to threats,
- 60% admit to still struggling to understand how and why a breach occurred.
How Should CNI Organisations Be Investing in Cyber Security?
On the research, Martin Riley, Director of Managed Security Services at Bridewell, commented:
“It’s encouraging to see that cyber security budgets are rising, however, without a strategic approach to cyber security transformation and investment, CNI operators risk wasting budget on tools and technology that fail to deliver the visibility and results needed. Operators must re-evaluate how they allocate and use their security budget, so that escalating cyber threats can be tackled with much more robust, proactive, and holistic cyber security approaches, such as threat intelligence and detection and response.”
With this in mind, organisations should direct investment towards building the capabilities that will effectively increase their cyber maturity. Given that only a quarter of CNI organisations have a managed detection and response (MDR) solution in place and only 20% have implemented extended detection and response (XDR), these would be good places to start.
For organisations who already have these capabilities, the research also found only a fifth have implemented threat hunting and cyber intelligence processes, which are valuable additions to any cyber security programme.
Investment Should Achieve Technology Consolidation
While organisations should be investing in detection and response, cyber intelligence, and threat hunting capabilities, they must be doing so strategically. 62% of respondents reported that the number of security tools within their organisation is “unmanageable”. If organisations don’t consider how they realise these new capabilities, this number could increase further and generate additional management problems.
On average CNI security teams are now managing 33 security tools, with 35% admitting to managing over 40. This stretches security teams too thinly across disparate and poorly developed solutions, while increasing the complexity of monitoring, managing, operating, and optimising a technology stack.
Why Invest in a Cyber Security Services Provider?
To build these new capabilities without creating additional complexity, organisations often choose to work with a cyber security services provider such as Bridewell. In doing so, organisations can integrate the trusted guidance and expertise of certified security specialists into their in-house teams. This allows them to launch new capabilities in a matter of hours or days in an efficient and cost-effective framework.