Across the globe, IT and security teams are facing a perfect storm of challenges. But research from a new Google Workspace survey, Security at a tipping point, suggests that in the UK, IT and security leaders are feeling the pressure more acutely than many of their global counterparts. In fact, the average cost of a data breach in the UK is 3.5 million GBP, which is 7.6% higher than last year.
The results point to two key factors driving this trend: the burden of legacy technology and the rapid rise of generative AI, both of which are contributing to an increasingly complex and challenging threat landscape.
Legacy Tech: a growing liability in the Digital Age
While many organizations rely on legacy systems, they are increasingly a liability in today’s rapidly evolving digital environment. The survey indicates that 75% of UK security leaders believe legacy technology has left them ill-equipped to handle the challenges of modern security threats, compared to 59% globally. This reliance on outdated technology is creating vulnerabilities that cybercriminals are all too eager to exploit.
The problem is compounded by a reluctance to embrace change. The survey notes that organizations often opt to expand their existing security tools rather than replacing outdated tools with more modern, secure-by-design solutions. 62% of security decision-makers globally admitted to simply expanding their security tools rather than replacing them. This piecemeal approach to security not only fails to address the root of the problem but often exacerbates it by creating a complex and unwieldy security environment that is difficult to manage effectively.
Generative AI: navigating the path to responsible innovation
Generative AI is revolutionizing the way we work and live, bringing a wealth of opportunities. However, while AI can significantly enhance security, it also introduces new risks that require attention.
The survey highlighted this duality, revealing that 77% of UK security leaders believe that generative AI usage has contributed to a rise in security incidents. This figure, 12 percentage points higher than the global average (65%), underscores the need for proactive measures to address the evolving security landscape. UK organizations have also been slow to act on these concerns: Only 27% of UK respondents said that they had introduced generative AI-specific security policies, compared to the global average of 41%.
This increase in security concerns related to AI can be attributed to several factors, including the rise of “shadow AI” inside of companies – the use of generative AI tools that haven’t been vetted and authorized by the IT and security teams. The challenge isn’t that AI is inherently riskier, it’s that unsanctioned and ad hoc use of “shadow AI” inside of companies creates an extremely challenging task for security administrators to protect what they can’t see and can’t measure. Enterprise-grade solutions, like Gemini for Workspace, offer a safer alternative that gives organizations the ability to get the most out of AI along with the security, compliance and confidentiality controls necessary to make it safe.
UK IT and security teams at a breaking point
The combined pressure of legacy technology and “shadow AI” has taken a toll on IT and security teams in the UK. 43% of UK IT and security leaders report that their teams are overwhelmed and burned out by security threats, 15 percentage points higher than the global average. This burnout is a clear indicator that the current approach to security is unsustainable and that a fundamental shift is needed.
So what can UK organizations do to address these challenges?
- Embrace modern, secure-by-design solutions: Moving away from legacy technology and adopting solutions that are secure by design is essential. Modern solutions, like Google Workspace, were designed to effectively address vectors where most attacks start, such as phishing, stolen credentials, and software exploits.
- Change can be made in small steps: Modernizing your entire legacy software ecosystem can seem daunting, but meaningful security gains can be achieved in a phased approach with a minimal impact on end users. For example, by deploying Chrome Enterprise for your users, you can provide them with a secure browsing experience using a web browser that many already know and love.
- Prioritize account security: A significant proportion of successful cyberattacks begin with a compromised user identity. Organizations need to strengthen their defenses in this area by implementing strong authentication measures, such as two-factor authentication (2FA) and phishing-resistant Titan Security Keys.
- Leverage AI for added protection: AI can help protect organizations against emerging threats. For example, AI defenses in Gmail already use large language models (LLMs) to better defend against spam and phishing attempts. In fact, thanks to LLMs, 20% more spam and 120 million phishing attempts are automatically blocked by Gmail every day.
- Foster a culture of security: Security is not just the responsibility of the IT and security departments; it is everyone’s responsibility. Organizations need to cultivate a culture of security where everyone understands the importance of protecting sensitive data and is empowered to take proactive steps to do so.
The security landscape is constantly evolving. Organizations in the UK that fail to adapt and invest in a more modern and holistic security approach risk falling victim to increasingly sophisticated and costly cyberattacks from commercially-driven criminal groups to state-sponsored adversaries. Watch this webinar to learn how digital workplace solutions from Google can help enable safer work across your organization.