Email Security

    State of Email Security 2023: U.K. Rises to Challenges 

    Cyberattacks continue to grow and change, according to Mimecast’s new report on email security, but many British companies have more budget and staff to fight back.

    by Johan Dreyer

    Key Points

    • 2023 promises to be another year of stubbornly high cyber risk in the U.K., according to Mimecast’s new State of Email Security 2023 report.
    • The risk landscape is shifting, with fewer ransomware attacks but more exposure on collaboration platforms.
    • British companies have been shoring up their budgets, staff, and technology to keep attacks from landing.

    British security professionals express growing confidence in the face of mounting email-borne cyberattacks, in Mimecast’s new State of Email Security 2023 (SOES 2023) report. Incoming attacks will be greater in number and more sophisticated this year, they say. Yet, their email protections are stronger and security staff is more robust than last year.

    These and other country-level findings from the global SOES 2023 survey set the stage for a detailed analysis of how U.K. companies protect their communications, people, and data from malicious email, the starting point of most cyberattacks. The report also compares U.K. trends and attitudes with peers around the world, drawing on a survey of CISOs and other IT professionals in late 2022 across 12 industrial sectors and 13 countries.

    U.K. Sees Shifting Pattern of Cyber Risks

    British businesses face serious security challenges in the coming year, but they’re more prepared to fend them off, they say. Some specific trends include:

    • Sophisticated Attacks: Nearly three-quarters (73%) of U.K. respondents say their biggest challenges include the increasing sophistication of cyberattacks, up from only about half (53%) last year.
    • More Attacks: Some six in 10 (64%) cite the growing volume of attacks as 2023’s biggest challenge, up from only about half (54%) last year.
    • Fewer Staffing Issues: Staffing is less of a problem in 2023 (by 11 percentage points), with under one-quarter citing insufficient security staff as a challenge.
    • Easing Budget Constraints: Getting sufficient cyber funding is significantly less of an issue (by 18 percentage points) than last year, with around two in 10 respondents citing it as a challenge.

    The upshot is that U.K. respondents say there’s a lower likelihood that their businesses will suffer this year from an email-borne attack. Around three in 10 (29%) see this risk as extremely likely or inevitable in 2023, where more than four in 10 (43%) had projected such an outcome in 2022. By comparison, a greater number (42%) of U.S. and E.U. respondents say cyber harm to their business from an email-borne attack is extremely likely or inevitable this year, compared to their U.K. counterparts.

    Perhaps fueling Britons’ confidence is their limited incidence of ransomware. Only 15% of U.K. respondents say their companies’ operations were significantly impacted by ransomware in the last 12 months, down from 37% in 2021. By comparison, 33% of U.S. and 36% of E.U. companies experienced such an impact in the past year. Another good sign is that, to date, the U.K. has not suffered the cyber fallout expected from the war in Ukraine, according to the U.K.’s National Cyber Security Centre (NCSC).[1] Still, the agency warned against complacency about this risk, noting that the U.K. is the third most targeted country for cyberattacks, behind the U.S. and Ukraine.

    Board-Level Support on the Rise

    Cybersecurity is prioritized at the top of many U.K. companies. More than four in five (82%) board members and senior management rated it a fairly to very high priority in 2022, the NCSC said, up slightly from the year before.

    In fact, according to a C-suite survey by the PwC management consultancy, nearly half of U.K. top management views a “catastrophic” cyberattack as their top risk scenario in 2023, ahead of such issues as recession, a new pandemic, and inflation.[2] 

    Across the world, “boards and top executives have begun to acknowledge the risk,” according to the SOES 2023 report. “This is pivotal, because once cyber preparedness becomes a business priority, it is only a matter of time before companies work out the ways and means to implement it.”

    Digitization, Collaborative Work Increase U.K. Companies’ Exposure

    Nine in 10 U.K. companies say they are more exposed to cyber risk today due to the increased digitization of their operations over the last two years, according to PwC. Hybrid work using collaboration platforms is a big part of that picture.

    In the SOES 2023 survey, U.K. respondents are more emphatic than peers around the world in characterizing collaboration tools and platforms as essential to their day-to-day operations, registering 10 percentage points higher than the global average. That said, the vast majority worldwide describe at least some level of reliance on collaboration tools.

    The problem is that collaborative tools have become a new favorite target of cyberattackers. About two-thirds of U.K. security professionals say that collaborative work exposes them to new threats and security loopholes that urgently need to be addressed. Nearly the same number believe that the security features built into these tools for conferencing, communications, and file sharing are insufficient to meet their needs. One-third of U.K. respondents say their companies have seen an increase in attacks via collaboration platforms in the past year, on par with their E.U. counterparts.

    How U.K. Companies Are Building New Cyber Strengths

    As cybercriminals innovate and accelerate their attack modes, some British companies are bolstering their defenses with artificial intelligence (AI), though not to the extent of their peers in the U.S. and E.U.

    Only about one-third of British respondents to the SOES 2023 survey say they use AI today, compared to a global average of nearly half. About half of the U.K. companies that do use AI say they are seeing benefits including better threat detection, prevention, and remediation, as well as a reduction in their security team’s workload due to AI’s support of automated detection and response.

    Another defensive move many U.K. companies are making is to integrate their disparate security tools into stronger, unified ecosystems. British SOES survey respondents who use application programming interfaces (APIs) to integrate their endpoint, cloud, email, and other security tools cite an average 21% increase in operational efficiency. Many see automation as the biggest benefit of security integration.

    The Bottom Line

    British companies continue to face severe cybersecurity risk, with nearly three-quarters reporting that attempted email attacks grew in the last 12 months. Some cyberattack methods have receded while others are gaining ground, as companies’ attack surfaces have expanded and cybercriminals use new technologies to accelerate and innovate their exploits. Many U.K. security professionals are also arming themselves with new technologies, using AI to automate operations in more tightly integrated security ecosystems. Learn more in the global State of Email Security 2023 report.


    [1]Cyber Security Breaches Survey: 2022,” U.K. National Cyber Security Centre

    [2]Cyber Security Outlook 2023,” PwC

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page