Over half of UK businesses experienced a cyber breach in 2023 despite an overwhelming majority having deployed multi-factor authentication (MFA), a new study has revealed.

Cybersecurity firm IDEE commissioned an independent survey of more than 500 IT and cybersecurity professionals within UK businesses. The research found that 95% of businesses have deployed some form of MFA.

However, while 46% of cyber professionals described their MFA solution as ‘highly effective’, half (50%) said it is only ‘somewhat effective’.

The ineffectiveness is underlined by the fact that (56%) of the businesses surveyed said they had experienced a cyber breach last year, with 26% experiencing three or more breaches in the past 12 months alone.

How many cyber breaches have UK businesses experienced in the past year?

0 = 44%

1 = 13%

2 = 17%

3 = 17%

4 = 5%

5 = 3%

More than five = 1%

Al Lakhani, CEO of IDEE, said: “There is good MFA, and there is bad MFA. Worryingly, judging by the 50% of MFA users describing their solution as merely being ‘somewhat effective’, UK businesses are putting far too much faith in bad MFA.

“It beggars belief. Cyber breaches cause huge operational, financial, and reputational damage, so why are businesses not taking steps to address the weaknesses that their current solutions so obviously have? It’s like leaving your front door open when you go on holiday – you’re practically begging criminals to come into your house to steal your data or take over your accounts.

“The clock is ticking – it’s time for businesses to deploy authentication methods that can mitigate password-based, credential phishing and adversary-in-the-middle cyber threats that leverage ‘credentials’ as the initial access vector. This means investing in solutions grounded in strong digital identity proofing and transitive trust, in turn allowing businesses to improve their security and productivity with minimal time and resources. Let’s hope this data shocks a few more organisations into much-needed action.”