In-House Cybersecurity Initiatives on the Rise
Recent research conducted by IT services firm Advania reveals a notable trend among mid-market organizations in the UK: an increasing inclination to manage cybersecurity operations internally.
This shift appears to be driven by a waning trust in external technology providers.
The data further illustrates the mounting pressure on internal teams, with 65% of mid-sized businesses now opting to handle their own security measures, reflecting a compelling push towards self-sufficiency.
This insight is part of Advania’s report titled Building Core Resilience 2025, which engaged a diverse sample of 1,236 IT decision-makers across Northern Europe, including 500 respondents from the UK.
The escalation in self-reliance aligns with a discernible drop in confidence regarding external technology partners.
Specifically, 40% of UK participants express the sentiment that vendors prioritize their larger enterprise clients over mid-market firms—a significant increase of 12% compared to last year’s findings.
Moreover, many respondents felt that vendors were predominantly focused on pushy sales tactics rather than on delivering tailored solutions, while a mere 11% believed that their vendors acted in their best interests.
Pravesh Kara, director of security and compliance at Advania UK, underscored the risks tied to such self-reliance, cautioning that it could “easily slip into overconfidence.”
He noted, “Even large enterprises with dedicated teams have been caught off guard by modern attacks. Without independent validation and external expertise, mid-sized organizations risk combating yesterday’s threats with outdated defenses.”
Understanding Internal Threats
The report further highlights a concerning trend: IT leaders now identify internal threats as being more disruptive to their cybersecurity strategies compared to external ones.
Notably, 57% of participants cited issues like staff turnover, skill gaps, and poorly aligned strategies as significant challenges.
Financially, the most pressing budgetary concern for UK firms appears to be increasing software licensing fees (53%), followed closely by supplementary cloud services (43%) and the maintenance of redundant or decommissioned products (42%).
Furthermore, reputational damage, exacerbated by recent high-profile breaches, now eclipses recovery costs in significance, compelling organizations to reassess their cybersecurity return on investment. According to Kara, the most significant vulnerabilities often lie internally.
“If your strategy, training, and communication are not aligned from the board down, even the most advanced technology will falter,” he emphasized.
“This misalignment leads to escalated remediation and legal costs, increasingly becoming the focus of cybersecurity expenditures.”
Enhancements in Security Awareness Training
The report also indicates that there have been advancements in cybersecurity awareness training among mid-market enterprises in the UK. Currently, 32% of businesses are providing monthly training sessions—an increase from 22% last year.
However, with around two-thirds still attending less frequently, Kara indicated that further efforts are necessary. “Security awareness should be a continual practice, interwoven into daily operations,” he commented.
“Real-time guidance and positive reinforcement during critical moments are far more effective than sporadic training and assessments.”
Source link: Itpro.com.
