A recent IT report from Acronyms has revealed some concerning gaps in cyber resilience among businesses, highlighting a lack of IT strategies, limited adoption of security standards, and insufficient staff training. In a time when cyber threats are evolving rapidly, these findings underscore the importance of taking proactive steps to protect systems, data, and operations. Here’s a closer look at the key insights from the report and how businesses can strengthen their defences.
1. Lack of IT Strategy Leaves Businesses Vulnerable
The report found that 56% of businesses don’t have an IT strategy in place or aren’t aware of one. Without a clear strategy, organisations are more vulnerable to cyber attacks and operational disruptions. An IT strategy provides a framework for managing technology, implementing security controls, and ensuring continuity in the face of threats. Without a strategy, businesses risk not only financial loss but also damage to their reputation and customer trust.
2. Cyber Essentials: A Missed Opportunity for Protection
Despite the rise in cyber crime, 46% of businesses have no plans to obtain Cyber Essentials accreditation—a government-backed certification that helps protect organisations from common cyber threats like phishing, malware, and ransomware.
Cyber Essentials is one of the most cost-effective ways to improve cyber security. It covers five key areas: firewalls, secure configuration, user access control, malware protection, and patch management.
3. Staff Cyber Awareness Training is Overlooked
People remain the first line of defence against cyber threats, yet the IT report revealed that 50% of businesses do not conduct regular cyber security awareness training. Human error is one of the leading causes of cyber breaches, often exploited through phishing scams and social engineering tactics.
Regular training empowers employees to spot suspicious activity, avoid clicking malicious links, and report threats promptly. Cyber security isn’t just about technology—it’s about building a culture of awareness and resilience.
4. Increasing IT Spending Without a Clear Plan
While 57% of businesses plan to increase their IT spending next year, many lack a strategy to guide those investments. Without clear objectives or key performance indicators (KPIs), it’s difficult to assess whether the money spent is actually improving resilience.
Investing in technology is important, but it needs to be aligned with a well-defined IT and cyber security strategy. This ensures resources are directed towards the right areas—such as system upgrades, training, and incident response—rather than reactive spending after an incident has occurred.
5. Poor Incident Response Planning
Perhaps one of the most concerning findings from the report is that only 41% of businesses have an incident response plan in place. When a cyber attack happens, time is critical. Without a clear, pre-defined plan, organisations risk significant financial losses, operational disruption, and reputational damage.
An incident response plan outlines the steps to take when an attack occurs, from identifying the threat and containing the damage to recovering systems and communicating with stakeholders.
How the SWCRC Can Help
The Acronyms report highlights the urgent need for businesses to prioritise cyber resilience, and that’s where the South West Cyber Resilience Centre can help. We offer:
Free Guidance and Support: Practical advice for improving cyber security and building resilience.
Cyber Essentials Support: Access to affordable certification through our CyberPATH programme.
Training and Awareness: Resources to educate staff and reduce the risk of human error.
Incident Response Planning: Tailored plans to help businesses respond quickly and recover effectively.
Take Action Today
Cyber threats are constantly evolving, and the gaps identified in the Acronyms IT report show just how vulnerable many businesses remain. Whether it’s developing an IT strategy, securing Cyber Essentials certification, or training staff to spot threats, taking proactive steps now can prevent costly incidents in the future.
📖 Read the full Acronyms report here: https://www.acronyms.co.uk/it-report/