UK tech leaders prioritize cybersecurity in 2024

(Image by B_A from Pixabay )

Cybersecurity is a higher priority for business technology leaders in the UK than digital transformation and artificial intelligence (AI) in 2024. A survey of technology leaders in the UK run by two networks, UK IT Leaders and the Horizon CIO Network, revealed over half of technology leaders have placed cybersecurity as their number one priority this year. 

Cybersecurity is the number one priority for 58% of UK digital and technology leaders, 10% higher than digital transformation (48%). AI and generative AI are the third highest priority (43%). Other high priorities for the UK's technology leadership community include digital strategy (40%), target operating model (27%), data management (26%), and upgrades or implementations of Enterprise Resource Planning (ERP) platforms (26%). A quarter of business technology leaders continue to focus on cloud computing and the modernization of the enterprise IT infrastructure. 

Business technology leaders are prioritizing cybersecurity in the face of evidence that threat actors are becoming ever more sophisticated and using the latest generation of technology to increase the ferocity of their attacks. Speaking at a Nutanix press conference in the closing weeks of 2023 Adam Miller, CIO for insurance firm Markerstudy said: 

Last week, we were dealing with third parties that had suffered ransomware attacks. As a business, we have a specific focus on ransomware protection, and for that, you need some overlap in the tools for protection.

UK and Ireland CIO for electrical wholesalers Rexel Jevern Partridge says the focus is about more than technology: 

Do your security basics and do them well. It is education, education, education, and give the people in your organization real-life examples because we all get complacent.

With the UK in recession and wars raging in Ukraine and the Middle East, it is understandable that business technology leaders feel the threat landscape is increasing. 

Dave Jones, chair of UK IT Leaders and director of fractional tech leaders firm Digital WOW, says cybersecurity has been the number one priority for members of UK IT Leaders for the last three years. 

The landscape continues to look worrying, with the National Cybersecurity Center (NCSC) of the UK releasing two major threat warnings already in 2024. In January, the NCSC said AI will increase the global ransomware threat level over the next two years. In its report The near-term impact of AI on the cyber threat assessment, NCSC says AI is already being used for malicious attacks. 

In February, NCSC warned operators of critical infrastructure about cyber attacks using 'living off the land' methods where cyber-criminals use native tools within technology and processes to gain access and avoid detection. The NCSC said: 

This kind of tradecraft, known as 'living off the land', allows attackers to operate discreetly, with malicious activity blending in with legitimate system and network behaviour making it difficult to differentiate – even by organizations with more mature security postures.

NCSC went on to cite state-sponsored attacks from China and Russia as the likely attackers. Paul Chichester, NCSC Director of Operations, said:

Threat actors left to carry out their operations undetected present a persistent and potentially very serious threat to the provision of essential services.

Organizations should apply the protections set out in the latest guidance to help hunt down and mitigate any malicious activity found on their networks.

The NCSC is also worried about the business impact of these attacks. Lindy Cameron, NCSC CEO, said: 

With incidents on the rise, it is vital organizations work with their suppliers to identify supply chain risks and ensure appropriate security measures are in place. Cyber incidents can have severe impacts on organizations of all sizes, both in the short and longer term, from causing reputational damage to grinding operations to a halt.

Transformation slipping 

Just under half of respondents report that digital transformation is a priority for them as business technology leaders. With 48% of leaders focusing on digital transformation, the UK faces a typically British glass-half-full, glass-half-empty scenario. Worryingly, in 2023, for the second year in a row, the UK slipped down the Digital Competitiveness Ranking assessment of 63 nations. The annual assessment by the International Institute for Management Development looks at the national ability to adopt and explore digital technology for economic change in business, society and the public sector. 

The UK dropped to 14th place in 2022 and 20th place in 2023 as the country continues to struggle with productivity and finding a new set of trading partners. Neighbors  the Netherlands rose to second in 2023. Improvements in private sector cybersecurity, total expenditure on education, and higher education achievements have pushed the Netherlands into second place, just behind tech giants the USA. Fellow European nations Denmark, non-Eu member Switzerland, Sweden and Finland are in the top 10. Professor Arturo Bris, who leads the Digital Competitiveness Ranking says: 

There is ample evidence across our rankings that national competitiveness results from investment in education and the provision of those skills required by the labor market. When it comes to technology and AI, the need is even greater.

Experts argue that the UK has suffered 14 years of real-term cuts to education budgets and, therefore, an ability to provide a skilled workforce. 

Global comparison

The 2023 Digital Leadership Report found that boards place cyber security as their ninth priority for technology to address, with improving operational efficiency, developing new products, and improving customer experience being the top three priorities for global boards. 

Investment management firm SimCorp came to similar conclusions as recruitment services provider Nash Squared. It finds that 54% of global technology investments are focused on improving operational efficiency. The study finds that 46% of global investment is focused on containing operational costs and 40% on improving customer experience. 

Globally, the Digital Leadership Report found that reported major cyber attacks are decreasing, with 23% of respondents reporting a major attack in the last two years. To the point made by CIO Jevern Partridge, the report said that improving education, along with internal controls, is the core focus for protecting the business. Like the NCSC, respondents to this global survey have an increased perception of the risk posed by foreign powers. 

This survey, which took place in January 2024, involved members of UK IT Leaders (72% of respondents). UK IT Leaders is a community of technology leaders and was founded by Dave Jones in June 2018, initially as the Northern IT Leaders before going national a year later. The Horizon CIO Network was formed in 2016 by the author, with 17% of the survey respondents coming from Horizon. Technology leaders responding to the survey come from businesses of 1001 to 5000 staff through to 100-person SMBs. 

My take 

Handy as surveys are, the deeper context is always more interesting and something we will address with digital leaders as the year goes on. There is room for concern that UK technology leaders are struggling to align with the needs of the business, but equally, a growing body of evidence that the threat landscape is increasing. In addition, the UK's economy is, at best, treading water and the impact of cuts in education and business confidence is really beginning to be felt. The Netherlands has many similar economic traits to the UK and felt the impact of the 2008 financial crisis just as keenly, yet it is rising up the digital agenda, as are European cousins Spain and Portugal. 

Businesses cannot be expected to invest in training in an uncertain economy or one with very poor trading relationships. A weak economy exposes chinks in the armour that cyber-criminals will exploit, so it is perhaps inevitable that the UK's technology leaders are prioritising cybersecurity.