In an increasingly digital world, safeguarding against cyber threats is paramount. The UK Cyber Security Breaches Survey, an essential research initiative aligned with the National Cyber Strategy, is at the forefront of bolstering the nation’s cyber resilience. This study plays a pivotal role in shaping government policies aimed at creating a secure environment for businesses, charities, and educational institutions in the UK. In this article, we’ll delve into the latest findings from the survey, offering valuable insights into the evolving landscape of cyber security.
Understanding the Survey’s Purpose
The survey is a comprehensive examination of cyber security policies, practices, and challenges faced by organizations of varying sizes and sectors. It focuses on identifying cyber attacks and breaches, shedding light on the prevalent threats and their consequences. By gathering this data, the survey contributes to refining strategies that ultimately make UK cyberspace a safer place for conducting business.
Cyber Security Infographic
But it still costs £
Among those identifying any breaches or attacks, we estimate that the single most disruptive breach from the last 12 months cost each business, of any size, an average of approximately £1,100. For medium and large businesses, this was approximately £4,960. For charities, it was approximately £530.
Are you still concerned about it?
The proportion of micro businesses saying cyber security is a high priority has decreased from 80% in 2022 to 68% this year. Qualitative evidence suggests that cyber security has dropped down the priority lists for these smaller organisations, relative to wider economic concerns like inflation and uncertainty.
Current Trends in Cyber Security Breaches
The survey’s most recent release, based on data collected in the winter of 2022/23 and early 2023, paints a detailed picture of the cyber security landscape. Notably, the identification of cyber security breaches and attacks remains a persistent concern. However, a concerning trend emerges – smaller organizations are less adept at identifying these threats compared to the previous year. This shift might be attributed to the perception that, amidst economic uncertainties, senior managers in smaller entities prioritize other matters over cyber security monitoring.
Approximately 32% of businesses and 24% of charities recall experiencing breaches or attacks in the past year. This marks a decline from the previous year’s figures of 39% for businesses and 30% for charities. However, medium businesses, large businesses, and high-income charities (with £500,000 or more in annual income) maintain higher breach or attack recall rates, underlining the disproportionate impact on smaller organizations.
When examining the financial implications, the survey estimates that the most disruptive breach over the past year cost businesses an average of around £1,100 each, with the cost rising to about £4,960 for medium and large businesses, and approximately £530 for charities. This emphasises the tangible financial consequences of inadequate cyber security measures.
Picking a great cyber security suite doesn’t have to be expensive at all, and there are so many options to pick from. You can find out more through the security page or the contact page. Get in touch and I’ll be happy to help.
Prioritising Cyber Hygiene
The survey underscores the significance of basic cyber hygiene measures. Many common cyber threats are relatively straightforward, prompting government recommendations for businesses and charities to adopt “cyber hygiene” practices. These practices include updated malware protection, cloud backups, strong passwords, restricted administrative rights, and network firewalls. Encouragingly, a majority of businesses and charities implement these measures.
However, it’s essential to note that certain aspects of cyber hygiene have witnessed consistent declines across three survey waves. For instance, businesses have shown reduced adherence to password policies, use of network firewalls, restricting admin rights, and promptly applying software security updates. While this trend is predominantly observed among micro and small businesses, it serves as a reminder of the ongoing need for continuous improvement in cyber security practices.
Managing Risks and Supply Chains
A vital aspect of cyber security is risk management, particularly concerning supply chains. Larger businesses take more proactive measures to identify and mitigate cyber risks, including supply chain vulnerabilities. Interestingly, a majority of large businesses are now reviewing supply chain risks for the first time, signifying a growing awareness of this critical aspect.
Around 30% of businesses have conducted cyber security risk assessments in the past year, with medium and large businesses leading this effort. Similarly, a comparable proportion of businesses deploy security monitoring tools, with medium and large businesses taking the lead. Notably, cyber insurance is increasingly prevalent, with nearly 40% of businesses and a third of charities having coverage. This is more pronounced among medium and large businesses, indicating a recognition of the value of such coverage.
If you want to know more about your current cyber security posture, you can contact me for a quick chat and I can help you improve or sustain your current practices. Contact me via the form below or through the contact page.
Incident Response and the Path Ahead
Responding effectively to cyber incidents is crucial, but the survey reveals a disconnect between intentions and actions. While a majority of organisations express intent to take action following an incident, only a minority have established processes in place to support these intentions. This signals an area for ongoing improvement, warranting continued study and awareness-raising efforts.
While processes such as assigning specific roles, providing external and internal reporting guidance, and developing incident response plans are commonly mentioned, formal incident response plans are less prevalent. These plans are more widespread in medium-sized and large businesses, suggesting that smaller entities could benefit from increased preparedness in this area.
The survey’s qualitative findings highlight the importance of bridging the gap between IT or cyber teams and wider staff, including management boards. Effective communication and post-incident reviews emerge as potential solutions to foster a collaborative approach to cyber security across organisations.
Conclusion
The UK Cyber Security Breaches Survey stands as a cornerstone in enhancing cyber resilience across the nation. As cyber threats continue to evolve, these insights provide a roadmap for organizations to fortify their defenses, prioritize cyber hygiene, and engage in effective risk management. By fostering a culture of vigilance and preparedness, businesses, charities, and educational institutions can contribute to a more secure digital landscape in the UK.
If you want to read the report, you can do it here on the .gov website: Cyber security breaches survey 2023. This is where I’ve cited all of my information from whilst putting this together.