



IT and security teams around the world are facing enormous challenges. But research from a new Google Workspace survey, Security at a tipping point, shows that IT and security leaders in the UK are feeling more pressure than many leaders around the world. In fact, the average cost of a data breach in the UK is 3.5 million GBP, 7.6% higher than last year.

The results point to two key factors driving this trend: the burden of legacy technologies and the rapid rise of generative AI. Both are contributing to an increasingly complex and challenging threat environment.

Legacy Technologies: Increasing Responsibilities in the Digital Age

Many organizations rely on legacy systems, but in today's rapidly evolving digital environment, these systems are increasingly becoming a burden. The survey found that 75% of UK security leaders believe legacy technologies leave them ill-equipped to deal with modern security threats. In comparison, globally, this is 59%. Reliance on outdated technology creates vulnerabilities that cybercriminals seek to exploit.

Reluctance to embrace change makes the problem worse. According to the survey, organizations often extend their existing security tools instead of replacing outdated tools with more modern, securely designed solutions. Globally, 62% of security decision-makers admit to simply extending their security tools rather than replacing them. This piecemeal approach to security not only fails to address the root cause of the problem, but often makes the problem worse by creating a complex and unwieldy security environment that is difficult to manage effectively.

Generative AI: Exploring the Path to Responsible Innovation

Generative AI is revolutionizing the way we work and live, providing a wealth of opportunities. But while AI can significantly improve security, it also creates new risks that require attention.

The survey highlighted this duality, finding that 77% of UK security leaders believe the use of generative AI has contributed to the rise in security incidents. This figure, 12 percentage points higher than the global average (65%), highlights the need to be proactive to address the evolving security environment. UK organizations have also been slow to respond to these concerns. Only 27% of UK respondents said they had introduced generative AI-related security policies. This compares to a global average of 41%.

The rise in security concerns related to AI can be attributed to a number of factors, including the rise of shadow AI within enterprises, i.e. the use of generative AI tools that have not been vetted and approved by IT and security teams. The problem is not that AI is inherently more dangerous, but that unauthorized and ad-hoc use of shadow AI within a company makes it a very difficult task for security managers to protect what they cannot see and measure. Enterprise-grade solutions like Gemini for Workspace provide a safer alternative for organizations to get the most out of AI, along with the security, compliance, and confidentiality controls needed to make AI safe.

UK IT and security teams at breaking point

The combined pressures of legacy technology and shadow AI have taken a toll on the UK’s IT and security teams. 43% of UK IT and security leaders report that their teams are overwhelmed and exhausted by security threats. This is 15% higher than the global average. This fatigue is a clear indicator that the current approach to security is unsustainable and requires fundamental change.

So what can UK organizations do to address these issues?

Embrace modern, safe design solutions: It is essential to move away from legacy technologies and adopt solutions that are safe by design. Modern solutions like Google Workspace are designed to effectively address the vectors from which most attacks originate: phishing, stolen credentials, and software exploits. Change can be achieved in small steps. Modernizing an entire existing software ecosystem may seem difficult, but it is meaningful security. Benefits can be achieved through a phased approach with minimal impact to end users. For example, by deploying Chrome Enterprise for your users, you can provide them with a safe browsing experience using the web browser they already know and love. Prioritize account security. A significant portion of successful cyberattacks begin with a compromised user identity. Organizations should strengthen their defenses in this area by implementing strong authentication measures, such as two-factor authentication (2FA) and anti-phishing Titan security keys. Take advantage of AI for added protection. AI can help protect your organization from new threats. For example, Gmail's AI defense already uses Large Language Models (LLMs) to better defend against spam and phishing attempts. In fact, thanks to LLM, Gmail automatically blocks 20% more spam and 120 million phishing attempts every day. Create a culture of security: Security is not just the responsibility of IT and security departments. It's everyone's responsibility. Organizations must create a security culture where everyone understands the importance of protecting sensitive data and takes proactive steps to do so.

The security environment is constantly evolving. Organizations in the UK that fail to adapt and invest in more modern, holistic security approaches risk falling victim to increasingly sophisticated and costly cyberattacks, from commercially driven criminal groups to state-sponsored adversaries. Watch this webinar to learn how Google's digital workplace solutions can help enable safer work across your organization.

