Expel Publishes New Research on the Cybersecurity Challenges Facing British Organisations

New research reveals cybersecurity budget unspent, IT team burnout, and a mostly reactive approach to security

Press releases · Cole Finch

London, ENGLAND, 19 April, 2023Expel, ‌the security operations provider that aims to make security easy to understand, use and improve, today released the findings of its recent research report, “The UK cybersecurity landscape: challenges and opportunities.” The report provides new insight into the obstacles facing cybersecurity teams, based on research gathered from 500 IT decision makers (ITDMs) in the United Kingdom across businesses of different sizes and sectors—including financial services, technology, healthcare, and government.

Cybersecurity a big challenge for businesses

UK businesses currently face a number of challenges, with the cost-of-living crisis continuing and the prospect of a recession a very real possibility. Despite this, cybersecurity remains a critical concern for organisations. Half of respondents (50%) highlighted cybersecurity as a significant challenge for 2023, behind only energy prices (61%) and the economic climate (54%).
When it comes to the specific cybersecurity challenges faced by businesses, respondents named multiple familiar threats. Malware concerns the most respondents (43%), followed by ransomware (38%), phishing (38%), and business email compromise (BEC—25%). Only 14% identified nation-state activity as a concern.

Alert fatigue and burnout strain IT teams

The report finds that many IT teams sense a breaking point, with team members experiencing burnout and a negative impact on their work/life balance when they regularly miss personal commitments because of cybersecurity risk. In fact, 93% of respondents have experienced this. Thirty-four percent of the total say missing personal commitments happens all or most of the time, as do 43% of IT team members and 38% of CIOs/CTOs.

This is driven by teams swamped with alerts, with 52% of those surveyed agreeing that their team spends too much time dealing with unnecessary cybersecurity notifications. When asked, “How likely or unlikely do you think it is that you or members of your IT/cybersecurity team will leave the cybersecurity industry due to burnout in the next 12 months?” 52% of IT decision makers responded “likely” or “very likely.”

More than a quarter of cybersecurity budget went unspent

ITDMs surveyed report a median annual security budget of £200,000. The survey found that, on average, 26.7% of allocated security budgets—£53,400 per company surveyed—was unused in 2022. Twenty-one percent of respondents reported spending 50% or less of their budgets.

Many businesses appear to be taking a reactive, rather than proactive, approach to cybersecurity investment. Mandatory regulation and responding to a breach they’ve experienced drive the most investment at 38% and 32%, respectively.

Chris Waynforth, General Manager & VP International at Expel, said: “In many ways, this report confirms much of what ITDMs already know. Even though cybersecurity concerns many UK businesses, they’re struggling to figure out how and where to invest in solutions. Organisations looking to maximise their investments get the best results when engaged leadership sees security budget as a business enabler rather than a cost centre.

He continues: “While this data may seem dire, we’re optimistic. Our research illustrates how a change in mindset and attention towards key areas of investment can provide useful guidance for those looking to improve security strategies and efficiencies, this year and beyond.”

Download “The UK cybersecurity landscape: challenges and opportunities” report here.


A third-party, UK-based research firm, Opinium, conducted the online survey between 27th January and 3rd February 2023. The respondents included 500 ITDMs from small, mid-market and enterprise-scale UK businesses. Download the report for a full methodology breakdown.

About Expel

Expel helps companies of all shapes and sizes minimize business risk. Our technology and people work together to make sense of security signals—with your business in mind—to detect, understand, and fix issues fast. Powered by our security operations platform, Expel offers managed detection and response (MDR), remediation, phishing, and threat hunting. For more information, visit our website, check out our blog, or follow us on LinkedIn or Twitter.

Adam George
Harvard on behalf of Expel

Resources home