{"id":10252,"date":"2025-12-12T07:52:04","date_gmt":"2025-12-12T07:52:04","guid":{"rendered":"https:\/\/www.advantagego.com\/en-us\/?p=10252"},"modified":"2025-12-12T07:52:06","modified_gmt":"2025-12-12T07:52:06","slug":"are-companies-choosing-the-cyber-protection-they-truly-need","status":"publish","type":"post","link":"https:\/\/www.advantagego.com\/en-us\/content\/are-companies-choosing-the-cyber-protection-they-truly-need\/","title":{"rendered":"The Big Question: Maturity vs hype. Are companies buying the right cybersecurity for where they really are?"},"content":{"rendered":"\n<p><em>The need for cybersecurity is never far from the media headlines and the boardroom agenda.<\/em><\/p>\n\n\n\n<p><em>Late last month the UK, Australia and the United States announced they had hit back at illicit Russian networks enabling cyber attacks round the world.<\/em><\/p>\n\n\n\n<p><em>Media Land, a Russian cyber crime group, has been described as one of the most significant operators of so-called \u201cbulletproof\u201d hosting services, which provides online infrastructure that enables cyber criminals to engage in illegal activity, including ransomware and phishing attacks.&nbsp;<\/em><\/p>\n\n\n\n<p><em>Cyber criminals hiding behind Media Land\u2019s services have been responsible for ransomware attacks against the UK which pose what has been described as \u201ca pernicious and indiscriminate threat\u201d with economic and societal cost, as well as malware and phishing campaigns.<\/em><\/p>\n\n\n\n<p><em>Cyber attacks are estimated to have cost British businesses \u00a314.7 billion in 2024, accounting for 0.5% of GDP and growing every year.\u00a0<\/em><\/p>\n\n\n\n<p><em>Insurers have been working with clients to bolster cybersecurity systems in an effort to prevent attacks. It has created a new breed of cybersecurity companies which are providing ever sophisticated and robust defenses to cyber criminals who continue to create new ways to access company systems.<\/em><\/p>\n\n\n\n<p><em>However, do we run the danger that the race to cybersecurity is leaving some companies struggling to understand and implement the systems at their disposal and with it create new risks?<\/em><\/p>\n\n\n\n<p><strong><em>Lee Williams, Head of AdvantageGo<\/em><\/strong><\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Nick Walker, Regional Director, EMEA at NetSPI says the market needs to understand the security it needs and whether it can get best use out of the systems installed.<\/p>\n\n\n\n<p>\u201cIn cybersecurity, ambition often outruns ability,\u201d he adds. \u201cThe market is overflowing with advanced offerings like red teaming, adversarial simulation, and full-spectrum testing, that sound like badges of sophistication. They can be powerful, but only when an organization is ready to use what they reveal. Too many businesses chase the advanced before they\u2019ve mastered the basics, when what they really need is preparedness.<\/p>\n\n\n\n<p>\u201cThat\u2019s not just wasteful; it\u2019s risky. Running a red team exercise before you\u2019ve even set up endpoint detection is like asking an architect to test a wall before the concrete\u2019s dry. You\u2019ll get a handsome report, but the real cracks will still be there. Worse, executives walk away thinking the job\u2019s done when all they\u2019ve really done is tick a box.\u201d<\/p>\n\n\n\n<p>Walker continues: \u201cAcross the UK, the gap between cyber ambition and actual readiness is widening. The government\u2019s Cyber Security Breaches Survey 2025 found that nearly half of businesses were hit by an attack last year. Yet only 27% have board level responsibility for cybersecurity, and fewer than one in five trained staff within the past twelve months. Spending is up, awareness is up, but capability isn\u2019t keeping pace.<\/p>\n\n\n\n<p>\u201cIn highly regulated sectors such as finance and utilities, that maturity is built into daily risk management. Elsewhere, in manufacturing, logistics, retail, charities, it\u2019s much less consistent. Many are told to \u2018think like a bank\u2019 without the people, the processes or the visibility to act like one. They overreach, paying for services they can\u2019t yet turn into real protection.<\/p>\n\n\n\n<p>\u201cImagine a mid-sized company that commissions a red team before it\u2019s even carried out a proper penetration test. The exercise might show how easily an attacker could slip through, but it won\u2019t reveal the full range of weaknesses that made that breach possible. Without a clear map of its vulnerabilities, or a routine for patching them, the business learns little it can act on. A few months later it pays for another simulation instead of fixing the underlying flaws. That\u2019s not resilience &#8211; that\u2019s fatigue disguised as progress.\u201d<\/p>\n\n\n\n<p>He adds red teaming and adversarial testing can be hugely valuable in the right conditions. They expose weaknesses that audits might miss and teach teams to think like attackers. Without basic visibility, they\u2019re little more than theatre. A business without Endpoint Detection and Response, regular patching or an incident-response plan isn\u2019t defending itself, it\u2019s watching someone else rehearse the attack.<\/p>\n\n\n\n<p>\u201cThis points to a deeper problem,\u201d Walker continues. \u201cCybersecurity has become performative. Too many boards and vendors treat it as a showcase of capability rather than a process of learning. Providers can push what sounds impressive, while buyers want what looks advanced. Both end up skipping the steps that matter most. Selling high-end simulations to a company missing the basics isn\u2019t innovation; it\u2019s negligence dressed up as expertise.\u201d<\/p>\n\n\n\n<p>On paper, the UK\u2019s cyber sector is thriving. More than 2,100 firms now operate nationwide, employing around 67,000 people and generating over \u00a313 billion in annual revenue. But the same data shows something less tidy. Almost half of businesses report gaps in fundamental skills such as firewall configuration and data handling, and nearly a third struggle with advanced work like forensics or penetration testing.<\/p>\n\n\n\n<p>Investment tells a similar story. The North West now leads the country in cyber venture funding, taking nearly half of all 2024 capital. It\u2019s a sign of confidence, but local skills and training haven\u2019t yet caught up. Without the people to deploy and manage these systems, money moves faster than maturity can.<\/p>\n\n\n\n<p>Walker says: \u201cMany organizations are stuck between two worlds, one of aspiration, the other of readiness. And when those collide, what\u2019s left is neither secure nor strategic.<\/p>\n\n\n\n<p>\u201cThe word \u2018basic\u2019 does cybersecurity no favours. It sounds like a starting point when it should mean strength. Asset visibility, access control, patching discipline, data backups, user awareness, aren\u2019t warm-up acts before the real show &#8211; they are the show. They create the conditions that make advanced tools actually work.<\/p>\n\n\n\n<p>\u201cThe industry needs to treat these fundamentals as critical infrastructure, not low-value services. It\u2019s easier to sell complexity than consistency, but resilience comes from the latter. A company that patches on time, trains its people, and tests its backups will usually outperform one running the latest detection suite without the muscle to use it properly.<\/p>\n\n\n\n<p>\u201cProviders also have a duty to guide, not indulge. The best partners don\u2019t just sell tools, they design journeys building capability in steady, logical steps rather than hurling clients straight into the deep end.\u201d<\/p>\n\n\n\n<p>However the challenge isn\u2019t only technical, it\u2019s cultural. The Cyber Security Labor Market Analysis 2025 found that while more than half of UK cyber professionals now use AI in their day-to-day work, fewer than half have any formal training in it.<\/p>\n\n\n\n<p>\u201cThe tech is moving faster than people can adapt, and confidence is suffering,\u201d Walker warns. \u201cMature security cultures anticipate that tension. They invest in understanding before automation, making sure every new layer of defense comes with the knowledge to use it well.\u201d<\/p>\n\n\n\n<p>He adds the proportion of businesses with senior oversight of cybersecurity has dropped since 2021, a worrying sign as threats grow more complex. Governance is what turns technical work into organizational protection. Without it, security becomes an IT chore rather than a business priority, reactive, fragmented and, sooner or later, underfunded until a crisis forces attention.<\/p>\n\n\n\n<p>\u201cReal resilience doesn\u2019t come from buying the newest technology, it comes from using what you have wisely,\u201d Walker continues. \u201cIn cybersecurity, great power still calls for great responsibility, and getting the order right matters more than getting there first.<\/p>\n\n\n\n<p>\u201cFor many organizations, that means saying no to the next shiny tool and yes to doubling down on the essentials: training staff, practicing responses, closing the loop between security teams and leadership. Those steps rarely draw attention, but they\u2019re the reason systems stay online when everyone else is scrambling.\u201d<\/p>\n\n\n\n<p>He concludes: \u201cProviders, regulators and boards all share a stake in reinforcing that mindset. Providers should take pride in delivering the steady, practical services that actually make clients safer. Regulators should reward outcomes, not optics. Boards should ask for clarity, not spectacle.<\/p>\n\n\n\n<p>\u201cCybersecurity has always been a race between capability and complacency. Right now, too many firms are sprinting on hype while their foundations are still drying. The answer isn\u2019t to slow innovation, it\u2019s to pace it. Buy the security you\u2019re ready to use, not the one you hope to boast about. Hype makes noise, maturity keeps the lights on.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The need for cybersecurity is never far from the media headlines and the boardroom agenda. Late last month the UK, Australia and the United States announced they had hit back at illicit Russian networks enabling cyber attacks round the world. Media Land, a Russian cyber crime group, has been described as one of the most [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":10253,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[7,26],"tags":[10],"line-of-business":[24],"class_list":["post-10252","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogs","category-latest-insights","tag-exposure","line-of-business-cyber"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/posts\/10252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/comments?post=10252"}],"version-history":[{"count":0,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/posts\/10252\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/media\/10253"}],"wp:attachment":[{"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/media?parent=10252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/categories?post=10252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/tags?post=10252"},{"taxonomy":"line-of-business","embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/line-of-business?post=10252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}