39% of UK organisations are less vulnerable than one year ago

Nearly 40 percent of UK companies are more secure than they were this time last year, but the threat and consequences of security breaches are still a priority for IT pros.

New research from SolarWinds explored the current state of security preparedness and effectiveness. The survey gathered information from 109 IT practitioners, managers, directors and executives from small, midsize and enterprise companies in the UK. 

Nearly half (43 percent) of IT pros said their organisations didn't experience any breaches in 2015, compared to only 30 percent who did in 2014. More than twice as many (42 percent) said their time to detect a threat decreased in 2015 as opposed to those who said it increased (18 percent).

Respondents who reported that their organisations are now less vulnerable than they were last year found it is due to:

  1. Improved patch management
  2. Implementation of configuration change management, alerting and approval tools
  3. Adoption of intrusion detection and prevention systems/introduction or expanded use of data encryption
  4. Implementation of log analysis
  5. Implementation or improvements to an identity management system

The most critical/very important technologies or practices for ensuring IT security included endpoint security software (81 percent), patch management software (75 percent) and identity and access management tools (68 percent).

Over three-quarters (77 percent) of organisations that suffered a breach in 2015 store customer data, 33 percent of those store data on at least 100,000 customers. While slightly more than a quarter of IT departments (28 percent) expect their organisations to suffer from a security breach in 2016, 79 percent of them store customer data, including 38 percent that store customer banking information.

“The most surprising finding of the survey is just how many UK organisations are less vulnerable today than they were a year ago, and, on a related note, how many have implemented security technologies and better security training. While this is a sign the industry is trending in the right direction, it's important for IT professionals to never get too confident in their organisations' security posture, which could potentially result in overestimating one's defences,” said Mav Turner, director of business strategy at SolarWinds.