The Department for Digital, Culture, Media & Sport (DCMS) has released the Cyber Security Breaches Survey 2020.
The survey gives details on how UK businesses and charities are managing their cyber security strategies, and the costs and impacts of cyber breaches and attacks. The latest figures come from survey interviews which took place between October and December 2019.
The fifth edition of the report warns that “the extent of cyber security threats has not diminished” while figures show that cyber attacks have “evolved and become more frequent”, with almost half of businesses (46%) and over a quarter of charities (26%) reporting cyber crimes in 2019.
Cyber attacks are changing
Cyber hackers are becoming more intelligent and have adapted to many counter-hacking measures. The Cyber Security Breaches Survey 2020 reports that the nature of cyber attacks has changed over the years. Since 2017 the number of businesses experiencing phishing attacks has jumped from 72% to 86%, although there has been a drop in businesses experiencing viruses or other malware attacks, from 33% to 16%.
The report states that:
“Organisations have become more resilient to breaches and attacks over time. They are less likely to report negative outcomes or impacts from breaches, and more likely to make a faster recovery. However, breaches that do result in negative outcomes still incur substantial costs.”
The impact of attacks
One of the main takeaways from the report is that, overall, organisations have become more aware of and hence resilient to breaches and attacks. High-profile attacks in recent years, such as WannaCry in May 2017, and better awareness of the seriousness of cyber threats in general could be the reason for this.
That said, cyber breaches do still occur, with one in five businesses targeted for an attack experiencing a negative material outcome, losing either money or data, or even both.
Last year, more businesses – 39% – were negatively impacted in terms of the day-to-day running of their organisation, for example requiring new protection measures to be undertaken, having staff time and resource diverted, or suffering other widespread business disruption.
Third sector targeted by hackers
The Cyber Security Breaches Survey 2020 reveals that third sector organisations are also being targeted by cyber criminals, with more than a quarter of charities falling victim to an attack last year.
In 2019, 26% of charities reported breaches, up from 22% in 2018. The report notes, though, that while “more charities are being targeted … [this] … could also mean that they are better at identifying breaches than before.”
The survey highlights that larger charities in particular are being singled out. Some 57% of charities with incomes of more than £500,000 a year were affected by cyber attacks or breaches in the 12 months prior to the survey being held.
Of the charities affected by cyber breaches, a fifth reported that incidents occurred at least once a week.
Awareness of Cyber Essentials
Regardless of whether they are aware of Cyber Essentials or not, the report states that more than half of all businesses (51%) and two-fifths of charities (41%) say they have implemented Cyber Essentials technical controls in all areas, protecting them from the most common types of cyber threat.
As in previous years, most organisations, particularly smaller ones, may not realise that they can receive Cyber Essentials certification for the measures they already have in place – only a small proportion (13% of businesses and charities alike) being aware of the scheme.
This is excellent progress; however, without formal Cyber Essentials certification businesses will be unable to win work with the public sector and show that their organisation is protected against cyber threats.
Would you like to learn more about Cyber Essentials? Contact us for more information on certification.