Skip to content
2 in 5 businesses attacked, UK cyber security report finds
OryxAlignApr 1, 20213 min read

2 in 5 businesses attacked, UK cyber security report finds

A new survey report looking into cyber security awareness, attitudes, approaches and impacts has revealed alarming new figures around heightened cyber attacks, in particular that 2 in 5 UK businesses (around 39%), reported a cyber attack or breach in the last 12 months.

According to the Department for Digital, Culture, Media and Sport’s (DCMS) Cyber Security Breaches Survey 2021, Covid-19 has caused unprecedented challenges for businesses – although that shouldn’t come as a surprise to IT professionals.

Direct security and monitoring have become harder with remote working, as has upgrading systems. Endpoints are causing headaches, particularly in the beginning when laptop shortages blur the lines with BYOD/UYOD. In-house IT resources were stretched and tested, often choosing between prioritising business continuity and cyber security.

Within the report are key findings about types of attacks, how businesses are being affected, and how they are protecting themselves.

The most common attack vector

 

When this question was first asked in 2017, direct malware was more prevalent. But over time, phishing and impersonation attempts have knocked it off its top spot. Between 2017 and 2021, phishing attacks rose from 72% to 83%.

Phishing attacks are widely considered the most disruptive type of attack an organisation can face. Hardly surprising considering they can allow much worse in.

It’s interesting to see that ransomware is only at 7%, considering that a total of 199.7 million ransomware attacks were reported globally in the third quarter of 2020.

 

 

Around a quarter of businesses experience breaches or attacks at least once a week

 

How businesses are being affected by breaches or attacks

Reportedly 1 in 5 attacks or breaches result in a negative outcome, like loss of data or stolen assets – but why would you play Russian roulette, especially when you can see what other companies have shared what they’ve been through.

If you are one of the lucky ones that manages to escape one of the many nasty implications listed, you’re not immune to any impacts. New protective measures would need to be evaluated immediately, staff resources would be diverted away from other projects to remediate the breach, reputation can take a hit and customer complaint will need handling.

How businesses are identifying and minimising cyber risks

This graph displays the activities that business have carried out in the last 12 months. It’s unsettling to see that around half of businesses have done none of these actions.

The survey has also explored the attitudes towards cyber security – the majority of senior management sees cyber security as a priority, but it’s still not a 100%. One business reasoned that from the directors’ perspective, it was more important to keep the business running during unprecedented challenges, whereas the survey respondent felt that there still needed to be a layer of security that would prevent them from being more vulnerable.

It’s good to see that staff training has appeared on the list of activities business are using, although more should be adding it to their cyber defence strategy. Your Human Firewall is the first line of defence to block outside threats, so make it a priority.

It can also be an easy win. For example, one business cited in the report carried out a mock phishing exercise and found that 15% of employees fell for the mock phishing email. When the findings were presented to the management board, conversations and actions around new user training and technical rule changes took place.

How businesses are preventing future breaches or attacks

In terms of prevention, most businesses that have previously been breached or attacked have taken good steps to prevent any further breaches. Shockingly around a 3rd of businesses haven’t taken any action since their attack. In order to keep up with the evolving threat landscape, businesses need to invest in new technologies and solutions to keep their business protected from further breaches.

The top 3 actions taken in light of a breach were:
1) Providing additional staff training
2) Installed, changed or updated antivirus and anti-malware software
3) Changed or updated firewall or system configurations

As threats continue to evolve, our cyber security services mature and strengthen to protect against new and evolving threats. If you’re looking for more information on how you can keep your business protected, our cyber security experts are here to help!

RELATED ARTICLES