Four in 10 UK Businesses Still Lack a Cyber Resilience Strategy, Despite Looming Cybersecurity & Resilience Bill
New Research from Absolute Security Highlights How UK CISOs are Expected to Help Ensure Business and Cyber Resilience Across their Enterprises
LONDON – MAY 21 – Absolute Security, an enterprise cyber resilience leader, today published results from a new survey showing that 4 in 10 (42%) UK-based Chief Information Security Officers (CISOs) have not yet implemented a cyber resilience strategy. This top finding highlights that many UK organisations are not yet aligned with the UK Government’s incoming Cyber Security and Resilience Bill.
This research comes as the King’s Speech set out the UK Government’s plans to introduce stricter cyber security requirements through the incoming Cyber Security and Resilience Bill, which will see organisations across all sectors expected to improve preparedness for cyberattacks, report incidents more quickly, and strengthen recovery capabilities.
Andy Ward, SVP International at Absolute Security, commented:
“Cyber Resilience provides the ability to ensure defences are operating effectively and to quickly restore business operations following disruptive cyber incidents and software failures. While it is encouraging to find that many enterprises are moving in the right direction, it is concerning to learn that a high percentage have not yet taken steps to prioritise resilience at the same level as traditional prevention, detection and response.”
This study of 250 UK-based CISOs is the industry’s first research to provide insights into the state of Cyber Resilience, the challenges enterprises face, and steps security and risk executives can take to overcome them. Included in the survey are additional findings:
- Currently, cyber disruptions are costing UK organisations around $2.5 million per incident, with most experiencing roughly five days of downtime and nearly a quarter (21%) of UK organisations reporting operational disruptions lasting up to two weeks.
- A majority (63%) of CISOs have evolved from being responsible for security and risk only to leading their organisation’s ability to recover business continuity following a cyberattack, ransomware infection, other security incident, or software failure that stops business operations.
- Just under half (41%) of UK organisations have not prioritised cyber resilience over traditional prevention, detection and response. This highlights a dangerous preparedness gap between the evolution of modern threats and the defence strategies many CISOs still rely on.
“Last year, the NCSC highlighted that the UK are experiencing four ‘nationally significant’ cyberattacks per week, and we’ve seen firsthand how these threats can leave companies with long-term financial and reputational damage. With the rise of new Frontier AI models such as Mythos, we now know that most networks and endpoints are more vulnerable than previously imagined. These two factors and our new research make it clear that cyberattacks are a matter of when not if. In this day and age, security teams require a far more resilient, proactive strategy where prevention alone is not enough,” concluded Ward.
Discover the full findings in the latest edition of The Resilient CISO report series: The Ransomware Reality: Zero Days to Recover
About Absolute Security
Absolute Security is partnered with more than 28 of the world’s leading endpoint device manufacturers, embedded in the firmware of 600 million devices, trusted by thousands of global enterprise customers, and licensed across 16 million PC users. With the Absolute Security Cyber Resilience Platform integrated into their digital enterprise, customers ensure their mobile and hybrid workforces connect securely and seamlessly from anywhere in the world and that business operations recover quickly following cyber disruptions and attacks. Our award-winning capabilities have earned recognition and leadership status across multiple technology categories, including Zero Trust Network Access (ZTNA), Endpoint Security, Security Services Edge (SSE), Firmware-Embedded Persistence, Automated Security Control Assessment (ASCA), and Zero Trust Platforms. To learn more, visit www.absolute.com and follow us on LinkedIn, X, Facebook, and YouTube.
ABSOLUTE SECURITY, ABSOLUTE, the ABSOLUTE LOGO, AND NETMOTION are registered trademarks of Absolute Software Corporation ©2025, or its subsidiaries. All Rights Reserved. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.
For more information, please contact:
Media Relations
Joe Franscella
press@absolute.com