The UK Government recently released the main findings of its Cyber Security Breaches Survey for 2021. This year’s study is the first to take place since the start of the COVID-19 pandemic and ensuing national restrictions. Cyber security breaches continue to be a serious threat to all types of businesses and charities, yet preparation for such attacks is not always seen as a high priority.
Four in ten businesses and a quarter of charities report having had any kind of cyber security breach or attack in the last 12 months. Larger businesses are more likely to identify attacks than smaller ones, with charities showing a similar experience based on income level. The most common type of breach by far is phishing – staff receiving fraudulent emails or being directed to fraudulent websites.
This year sees a significant increase in businesses and charities dealing with finances online.
Almost 60% of businesses have multiple online exposure points, including more use of smart devices. Only 43% of businesses and 29% of charities report being insured against cyber risks in some way. This has increased by 11 percentage points for businesses since last year, but still leaves a lot to be desired. The global pandemic forced organisations to redirect resources towards maintaining productivity, for example, providing equipment to staff who were working from home. Cyber resilience measures were often seen as less urgent during this time.
“The priority for us as a business was survival, making sure that we felt our staff were safe, that they had enough room to socially distance and that we were able to carry on providing the service to our customers … It was more about survival than anything else from March 2020 until June 2020.” - Small business
But what is the impact of breaches when they do occur? The majority of businesses and charities say that phishing is the most disruptive type of attack. Among the organisations that have experienced a breach in the past year, half of businesses and almost half of charities say this happens once a month or more often. The results can be damaging, causing a temporary loss of access to files or networks and disruption to websites, applications or online services. Organisations are forced to adopt new measures to prevent or protect against future cases. While it’s hard to quantify the exact financial impact of such a breach, the average overall cost to businesses can be up to £8,460, or £13,400 for a medium to large-sized company.
While 77% of businesses and 68% of charities say cyber resilience is a high priority, only around half of businesses and charities have taken action to minimise cyber risks in the last 12 months. There needs to be more focus on carrying out a cyber resilience vulnerability audit, using specific tools designed for security monitoring, undertaking cyber security risk assessments, and prioritising the testing and training of staff. Around half of businesses and charities report actively seeking information or guidance on cyber resilience measures outside their organisation in the past year. This is where the CRC network can step in.
Find your nearest Centre and begin the journey towards building a comprehensive cyber resilience policy.