Skip to content
Connected world; globe. Royalty-free stock photo ID: 1487210270.
Connected world; globe. Royalty-free stock photo ID: 1487210270.

Press release -

Organisations could pay the price as heightened risk tolerances expose transformation projects to hackers

New research from NCC Group suggests that companies have struggled to pay off cyber debts accrued during the pandemic.

Digital transformation programmes could be vulnerable to cyber attacks due to increased risk tolerances and ongoing cyber security challenges, according to new global research of 500 cyber security decision makers by NCC Group.

Seventy-six per cent admitted that they had increased their risk tolerances to allow changes to their operating model (such as remote working) during the pandemic. Simultaneously, organisations are struggling with security challenges that include balancing proactive security improvements with everyday operations, knowing which risks to prioritise and digesting the volume and complexity of reports from third parties after a security assessment.

The research suggests that this ongoing cyber debt has negatively affected organisations’ security postures: forty-five per cent said that their transformation projects had inherited legacy security issues, with just thirty per cent integrating cyber security into those programmes. If legacy systems remain connected to the internet or an organisation’s network, hackers can exploit vulnerabilities in them and use them to infiltrate other areas of the organisation.

After cutting cyber budgets and freezing recruitment of security staff during the pandemic, most organisations plan to increase spending to address their cyber debt. More than half (55%) said that they planned to increase security spending by thirty per cent or more, while just four per cent planned to decrease spending by the same amount.

However, nearly sixty per cent said that they will rely on internal scoring mechanisms to measure their cyber security posture, while less than a quarter have a structured security improvement plan in place for the next 12 months.

Ian Thomas, Managing Director for NCC Group Assurance UK & ROW, said: “It’s clear that the pressures of the pandemic have forced organisations to increase their risk tolerance and temporarily cut spending on cyber security, it’s a double hit. In doing so, they have exposed themselves to legacy security issues, which could ultimately cost organisations more money by derailing vital transformation projects if they do not repay this cyber debt.

“What is encouraging is to see organisations planning to increase security spending to address this debt. That said, it’s vital that these funds are invested as part of a strategic security improvement plan to ensure that legacy security issues are remediated effectively and to provide ongoing improvements to an organisation’s security posture.” 

Note to editors

This research questioned 500 senior IT security decisions makers, directors and senior managers in five countries (United Kingdom, Germany, Denmark, Netherlands and the United States) who work in a range of industries including financial services, telecoms and technology, local, regional and state Government and higher education.

Market Research Report

You can read the research report in full here 



About NCC Group

NCC Group exists to make the world safer and more secure.

As global experts in cyber security and risk mitigation, NCC Group is trusted by over 14,000 customers to protect their most critical assets from the ever-changing threat landscape.

With the company's knowledge, experience, and investment in research and innovation, it is best placed to help organisations assess, develop and manage their cyber resilience posture.

With circa 2,000 colleagues in 12 countries, NCC Group has a significant market presence in North America, Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia, Japan and Singapore.

Press contacts

NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7824 412 405

Related content

Related events

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom