View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

UK Far Outstrips US in Penetration Tests

Views on cloud, mobile security also differ starkly

By CBR Staff Writer

While 56 percent of UK companies have hired an outside organisation to undertake penetration tests to judge the security of their network, only 17 percent of US companies have done the same.

That’s according to a report by Swedish based cybersecurity analysts Outpost24 based on two surveys; one carried out at London’s Infosecurity Europe conference and another at San Francisco’s RSA, both in 2018.

Both, admittedly, had a pretty small sample size: The UK figures are from a survey carried out on 269 security professionals during Infosecurity Europe 2018. While the US number are based on a survey of 155 security professionals at RSA 2018.

Ignoring Critical Flaws

Six percent of UK companies meanwhile admitted that they have ignored a critical security flaw, citing a lack of necessary skills, when surveyed by Outpost24.

However, this pales when compared to the admittance of US organisations who replied that they have ignored 16 percent of critical security flaws.

Commenting in the release of the two reports Bob Egner VP of products at Outpost24 said: “Ignoring a critical security incident is asking for trouble. The US regularly tops the list of most attacked countries, so security professionals should be taking this threat very seriously and doing all they can to minimise their attack surface,” he added.

Gov’t to put new cybersecurity measures in place for smart devicesVulnerable Technology

Within UK organisations, mobile devices are seen as the most vulnerable technology ranking at 37 percent. The Internet of Things (IoT) was a close second, with 34 percent stating it is their organisations least secure technology.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

For US businesses however, cloud infrastructure and applications were deemed to be the least secure technology by 24 percent of those questioned. IoT devices also ranked second for the US companies with 23 percent claiming it was their main concern.

It is worth noting that only seven percent of the UK companies survey thought that cloud infrastructure and applications was a main concern.

Mr Egner commented that: “Our survey results suggest that businesses are adding technology as a key element of their strategy but not preparing their security teams with the skills and resources to keep up. Hackers understand there are key areas of technology which organisations will often overlook in terms of cyber-security.”

“A comprehensive security posture covers the full stack – network infrastructure, cloud environments, applications, mobile devices and even people,” he added.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.