The insider threat, AI, ransomware, deepfakes and malware are the top five cyber security threats for mid-market companies in the UK.

This is amongst the findings of Node4’s Mid-Market IT Priorities Report 2024, which explores confidence levels in the face of rising attacks, cyber security solution adoption trends and barriers to successful cyber security policy implementation.

Node4’s survey of IT decision makers in private healthcare, transport, retail, finance and insurance also identified DDoS attacks, supply chain vulnerabilities, phishing, zero-day attacks and scams/fraud amongst the remaining top ten cyber risks for the coming 12 months.

Commenting on the findings, Paul Bryce, managing director at Node4, notes: “The high level of concern around insider threats could be attributed to the large number of job transitions and redundancies over the past 12 months, coupled with the growing reliance on contractors to address IT and cyber security skills gaps. It might also be linked to long-term, security-related worries, flexible working and the increased potential for cyber attacks on a distributed workforce.”

Node4’s new research also points to significant adoption of pre-crime and preventative cyber security measures, with around 40% of respondents stating they currently have dark web intelligence and incident response capabilities –  suggesting a growing level of maturity in cyber security policy adoption across the mid-market.

The report’s findings suggest a high degree of optimism surrounding cyber security defence capabilities, according to Bryce. Over three-quarters of IT decision-makers said they were confident in their organisation’s ability to prevent and respond to cyber-attacks, despite the research being conducted at a time of increased cyber security attacks aimed squarely at small and mid-sized organisations. Breaking down these results by vertical sector, IT decision-makers working in private healthcare were the most confident, while those in retail were least so.

Over a quarter of respondents told Node4 that they believe AI could expose their organisation to new cyber security risks in the future and that dealing with AI-related threats is their top priority for the next 12 months.

“Our findings show that many mid-market organisations are working hard to implement more mature and effective cyber security measures, which is encouraging given that the combined impact of lower budgets, fewer resources and a shortage of in-house skills could easily hamper these efforts,” Bryce added. “However, around a quarter of respondents stated that a lack of suitable services from cloud providers, primary tech partners and MSPs was a principal barrier to doing so. This suggests the mid-market relies increasingly on third-party support to do the heavy lifting for its cyber security strategy implementations – and will lean on it to an even greater degree as cyber criminal threats become even more complex, harder to spot and difficult to repel.”

The Mid-Market IT Priorities Report 2024 was based on a survey conducted independently and exclusively for Node4 by Censuswide amongst 503 IT decision-makers across private healthcare, transport, retail, finance and insurance. The survey was conducted amongst heads of IT, IT directors, CIOs, CTOs and IT managers in companies with 100 to 1,000 employees.

---