INTELLIGENT

TECHNOLOGY

The results reflect both declining confidence in external technology vendors and rising pressure on internal teams to‘ do more with less.’

Published in Advania’ s Building Core Resilience 2025 report, the findings are from a survey of 1,236 IT decision-makers across Northern Europe, including 500 in the UK. The data shows that at least 65 % of UK mid-sized firms now manage cybersecurity entirely in-house, lacking third-party, expert validation of their defences.

This growing self-reliance coincides with falling confidence in external technology partners. Forty percent of UK IT leaders believe vendors‘ prioritise enterprise clients’ over them, a significant jump from 28 % previously, while a similar proportion feel vendors are more interested in‘ selling products than providing solutions.’ Only 11 % of respondents believe their‘ vendors genuinely act in their organisation’ s best interests.’

“ For the mid-market, cyber self-reliance can too easily slip into overconfidence,” said Pravesh Kara, Director of Security and Compliance at Advania UK.“ Even large enterprises with dedicated teams have been caught off guard by modern attacks. Without independent validation and external expertise, mid-sized organisations risk fighting yesterday’ s battles with yesterday’ s defences.”

Although external threats continue to dominate headlines, Advania’ s research shows that IT leaders perceive internal factors as the more disruptive influence on their cyberstrategy. Fifty-seven per cent of respondents identified issues such as staff turnover, skills gaps and misaligned strategy as the biggest disruptors to their cybersecurity strategy. Organisations are rethinking cyber ROI, as reputational damage now outweighs technical recovery costs after recent high-profile breaches.

“ The biggest vulnerability is often inside the organisation,” said Kara.“ If your strategy, training and communication aren’ t aligned from the board down, even the best technology won’ t protect you. It will lead to increased remediation, legal and reputational costs that cybersecurity spending is increasingly geared towards preventing.”

The report also highlights modest improvements in cyberawareness training, with the number of UK firms offering monthly sessions rising from 22 % to 32 % year-on-year. However, two-thirds of organisations still train employees less frequently.

“ Security awareness is a constant practice, woven into how we work every day. Real-time guidance and positive nudges at risky moments build confidence and change behaviour far more effectively than periodic training and testing alone,” said Kara. •

32 www. intelligenttechchannels. com