Only a quarter (25%) of business leaders across EMEA are confident in their current cybersecurity practices.

That’s according to a study commissioned by VMware in partnership with Forbes Insights, which shows UK businesses are trapped in a routine of spending without adequately assessing the needs of their organisation.

Three quarters (78%) of business and IT security leaders believe the cybersecurity solutions their organisation is working with are outdated, despite 40% having acquired new tools over the past year to address potential threats.

Seventy four percent, meanwhile, reveal plans to invest even more in detecting and identifying attacks in the next three years, despite having a multitude of products already installed – a quarter (26%) of businesses currently have 26 or more products across their enterprises for this. 

The apparent hope of UK businesses to spend their way out of security crises is coupled with a significant security skills gap: just 16% of UK respondents state extreme confidence in the readiness of their organisation to address emerging security challenges, with only 14% extremely confident in the readiness of their people and talent.

The report concludes that, despite British businesses shoring up their defences against an evolving threat landscape, the complexity surrounding multiple cybersecurity solutions is making it harder for organisations to respond, urgently adapt or improve their strategies. In fact, a third (34%) of IT security leaders state it can take up to an entire week to address an issue. 

Ian Jenkins, Director, Networking and Security UK & Ireland, VMware, said: “Businesses across the UK and beyond continue to follow the same IT security paths, and yet expect to see different results. Yet we now live in a world of greater complexity, with more and more intricate interactions, more connected devices and sensors, dispersed workers and the cloud, all of which have created an exponentially larger attack surface. Investment in traditional security solutions continues to be dwarfed by the economic repercussions of breaches.”

The lack of confidence highlighted in this study sits within a chasm forming between business leaders and security teams. In the UK, only a quarter (24%) of IT teams consider C-suite executives in their organisation to be ‘highly collaborative’ when it comes to cybersecurity. Across EMEA, meanwhile, only 27% of executives and only 16% of IT security practitioners say they are collaborating in a significant way to address cybersecurity issues.

Jenkins added: “Modern-day security requires a fundamental shift away from prevailing preventative solutions that try to prevent breaches at all costs. British businesses must invest in solutions that make security intrinsic to everything – the application, the network, essentially everything that connects and carries data. Breaches are inevitable, but how fast and how effectively you can mitigate that threat and protect the continuity of operations is what matters. Combining this approach with aculture of security awareness and collaboration across all departments is crucial to driving cyber best practice forward, and helping enterprises in the UK and across EMEA stay one step ahead in the world of sophisticated cybercrime.”