Nationwide survey reveals Cyber Security lessons for IT departments

by Holly Burnett 10 December 2020

There was a 44 percent increase in Cyber Security firms between 2017 and 2019, a 37 percent increase in Cyber Security workers and a 46 percent rise in associated revenue. Historically Cyber Security has only accounted for approximately 5 percent of the IT budget; however, the Cyber Security: Building Business Resilience report claims that spending on Cyber Security will double to £136bn this year.


COVID-19 and the working from home era have initiated a new drive to protect businesses. To understand more about the future of Cyber Security, Crimson and threat intelligence specialists, Cyjax developed a nationwide Cyber Security survey to share insights amongst the technology community. Survey respondents included CIOs, CISOs, IT Directors and other C-level representatives from a range of sectors.

 The survey revealed that Cyber Security has climbed the priority ladder by around 44 percent during 2020, and that it is more visible on the board's risk register; perhaps because 62 percent of respondents said they experienced a rise in attacks. The report also uncovers the most common types of attacks during 2020 and the monitoring tools that have been put in place by organisations.

 The findings suggest outsourcing Cyber Security expertise will continue to rise as companies struggle to source talent or develop the skills in-house. Whilst outsourcing enables agile working, experts warn against taking people out of the equation.

 "Without people, you're dead. If you operate within the philosophy that the three pillars of security are people, process, and technology, never remove people from the first position in that statement. They are not the weakest link in an organisation; they are the strongest.

Mike Thompson, Information Security Manager, Zen Internet. 

 However, the survey concluded that Penetration Testing was one of the most outsourced services in 2020. The report also shares Cyber Security products purchased by IT departments and what’s in their armoury for 2021. 

 Threat intelligence was identified as a critical aspect of next year’s Cyber Security strategy and the need for sophisticated training programmes that prevent Cyber Criminals from infiltrating organisations over several months.

 "I have seen more spear phishing and an increase in ‘long term’ attacks where the target staff member is be-friended over time. Training is key here. Using intelligence to inform defensive investment decisions will be crucial for 2021."

Lisa Forte, Partner, Red Goat Cyber Security.

With stretched IT budgets and remote working set to continue Cyber Security will remain a challenge for most organisations and their people. Andy Basham, Senior Recruitment Consultant at Crimson who commissioned the nationwide survey said:

 “This report is a step in the right direction towards sharing best practice and negating 'cyber-attack shame.’ It can happen to anyone, and we shouldn't feel isolated by that, we must do our best to ensure we have suitable safety nets in place. I want to thank Cyjax, our contributors, and everyone that participated in this important survey. Crimson intend to publish this report as an annual benchmarking tool."

The report, which is now available to download, examines seven key areas: accountability, security culture, risks and threats, compliance, outsourcing, resourcing, and the future of Cyber Security.

Download the report here: 

On Thursday 21st January, Crimson and Cyjax will be hosting a live webinar to discuss the implications of the results with several Cyber Security experts. Details of this event are yet to be confirmed, but you can register your free place here: 

Topics: CDO, Cyber Security, CTO, Covid-19, IT leaders, CISO