Are We Stirring the Right Ingredients for Cyber Resilience?

News and information from the Advent IM team.

I recently spoke in the Security Leaders Summit at the Security Event, NEC.  I wanted to talk about getting the perfect serve for information security resilience. I thought I would share a couple of my cocktail-based musings here for anyone who might be interested but missed it. I can’t cover the whole presentation, so I have picked out two troublesome ingredients from the whole cocktail….

We may be spending more on cybersecurity each year, but are organisations mixing the right elements into their security strategies? Recent figures and expert commentary suggest not.

A Cocktail of Concern: The Cyber Resilience Mix-up

A glance at the data from the Cyber Security Breaches Survey 2024 highlights an uncomfortable truth: while hostile cyber activities have surged in frequency and sophistication, many organisations still pour most of their cybersecurity budget into technology—leaving awareness and training as an afterthought.

Here’s the reality check:

  • Human error is the main culprit in non-cyber breaches, which outnumber technical breaches by an average of 3:1, according to the ICO.
  • Even among cyber breaches, many are human-enabled—phishing, misconfigurations, or poor access controls.
  • And yet, most organisations still invest disproportionately in technical controls over human-focused defences.

The Numbers Don’t Lie

  • Cybersecurity awareness training has only a 17% take up in UK organisations
  • Just 9% of the average UK organisation’s IT budget is allocated to cybersecurity.
  • A large portion of this small slice goes to tech tools—leaving little room for robust human-centric training initiatives.

Dependence vs. Defence

Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC), recently warned of increased threats from hostile actors exploiting the UK’s technological dependencies. When 78% of UK consumers express concern about organisations’ reliance on third-party IT providers, it’s a signal that trust—and security—need to be rebuilt from the inside out.

Final Sip: A Call for Balance

The message is clear: technology alone can’t carry the weight of cyber resilience. We must stir in equal parts of governance, risk awareness, compliance, resilience, human training, and of course, smart technology. Without the full mix, we risk serving up a security strategy that’s all tonic and no gin.

Written by Ellie Hurst, Advent IM Commercial Director.

Share this Post

© 2025 Advent IM Limited.