Around half (46%) of UK firms reported that they experienced a cyber attack or data breach in 2019 – up 39% from 2018.
This is one of the key findings in the UK Government’s annual Cyber Security Breaches Survey. The study also found that, despite an increase in such reports, organisations are becoming better at defending against and recovering from these types of incidents.
According to the survey, the number of medium (68%) and large (75%) businesses reporting breaches or attacks jumped from 60% and 61% respectively.
Out of all the businesses that reported incidents, more (32%) are experiencing them at least three times per week than they were in 2017 (22%).
Businesses are also suffering more phishing attacks, up to 86% from 72%, although less of them are experience malware incidents than three years ago, down to 16% from 33%).
The study highlights that the rise in incidents has been offset by improved response and stronger resilience, though, since 2017, the proportion of businesses listing any outcome from an incident has dropped by 19% and the proportion being negatively affected has fallen by 18%.
80% of respondents to the survey described cybersecurity as a high priority for their senior management team and 37% said they have board members with a security brief. However, there is still considerable work to be done with regards to other aspects of cybcersecurity,
As few as 32% of those surveyed said that they have cyber insurance; 50% of businesses have conducted audits in the past year; 15% have reviewed supply chain risk and only 27% reported breaches to anyone beyond their IT/security providers – meaning many companies could be in breach of GDPR.
Chris Miller, RSA Security UK & Ireland regional director, believes supply chain risk assessments should focus on the potential impact on business operations.
He said: “First, you must identify the most important parts of your business and then focus on protecting them. Ask yourself: which data flows in and out of the business? Which suppliers have access to what corporate data? Where is my most critical data and who can access it?
“By taking this approach, you can align your security protocols so you know how much access to grant to, and how much trust to place, in your suppliers.”
- MSPs to Vote on DNA and Fingerprint Data Storage Law
- 150,000 Cybersecurity Professionals From 175 Countries Join (ISC)²
- State-of-the-art Research Centre Could Transform Scots Manufacturing
Redscan CTO, Mark Nicholls, said: “The most concerning thing for me, is the significant number of organisations that have been targeted and aren’t aware of it. While a significant percentage of businesses identify multiple attacks each week, more than half say they haven’t had a single one in 12 months.
“Being able to swiftly detect attacks is key to minimising damage but many organisations still lack the appropriate controls and a deep awareness of what activity to look for.”