New research suggests that one-third of UK organizations come under cyberattack at least once every week. That’s the shocking headline finding in the British government’s annual Cyber Breaches Survey.
Now into its sixth year, the survey assesses the state of cyber security in the UK. The idea is to help businesses and charities better understand how “ready” they are to identify and manage cyberattacks.
4 in 10 were attacked last year
Of the businesses surveyed, 39% said that they had identified at least one attack in the previous twelve months. Most of the incidents reported – 89% – were related to phishing attacks where criminals attempted to steal confidential information like passwords from victims.
Other common problems included ransomware, malware and denial of service attacks. Because of the potentially devastating nature of the technique, businesses were most concerned about how ransomware could take their operations offline and cause significant damage to finances and corporate reputation.
In fact, 20% of respondents reported that cyberattacks had had a negative impact on their operations.
Is this an accurate picture of British cybersecurity?
A weekly attack rate of 30% sounds high – but is the real picture much worse? The annual Cyber Breaches Survey does not specify a reporting framework for security incidents, so it seems likely that issues are being underreported.
This is particularly true when calculating the financial cost of a cyber breach; the survey found each breach costs approximately £4,200 – or £19,400 for medium and large organizations. Again, with no standardized way to calculate costs, it is highly likely that many important secondary costs are being underestimated – or ignored completely.
Some signs of improvement
The survey also asks respondents about what they are doing to improve their cyber security posture. Nearly half of all businesses said that they had taken steps to strengthen their defenses using the National Cyber Security Centre’s ‘10 Steps to Cyber Security’ guidelines.
Clearly these efforts are welcome, but until businesses have successfully applied all ten principles, they will be open to risk of attack. The government is also advising British organizations to sign up to the Cyber Essentials scheme – even if they don’t currently trade with the government. By applying these guidelines, British SMEs will be well prepared to identify and block the most common attacks and to improve the security and privacy of their business, customers and employees.
Hopefully next year’s edition of the Cyber Breaches Survey shows a continuation of this trend, with more businesses taking proactive steps to improve their defenses. Equally, we want to see a reduction in attacks, with fewer businesses being targeted every week.
Here’s hoping more British businesses will get the message during 2022 – and do the necessary work to better defend themselves against hackers and thieves.