Cyber security review reveals businesses under attack

The British Government has just released the results of an annual survey into cyber-attacks on businesses and charities – and it’s not pleasant reading.

The Cyber Security Breaches Survey 2019 results reveal that organisations subject to cyber-attacks are experiencing more breaches than ever before.

And whether it’s a phishing attack or a virus, the cyber breaches are hitting businesses and charities where it hurts, on the bottom line.

Here, we look at the report’s top five key findings – followed by tips on what you need to do to protect your organisation from hackers.

The survey report says more organisations are implementing security measures such as those under the Cyber Essentials scheme – but there’s still a long way to go.

1: Affected businesses report rise in cyber attacks

32% of businesses and 22% of charities report having cyber security breaches or attacks in the previous 12 months. As in previous years, this is higher among medium-sized businesses (60%), large businesses (61%) and high-income charities (52%).

The most common types are:

  • Phishing attacks (identified by 80% of businesses and 81% of charities)
  • Impersonation of an organisation in emails or online (28% of businesses and 20% of charities)
  • Viruses, spyware or malware, including ransomware attacks (27% of businesses and 18% of charities)

For businesses, the proportion identifying breaches is lower than in 2018 (when it was 43%) and 2017 (46%). The charities’ result is similar to 2018.

But, for affected businesses, the typical number of breaches over 12 months has soared from two attacks in 2017 to six in 2019.

2: The rising cost of cyber attacks

The findings also suggest that, where businesses have lost data or assets through cyber security breaches, the costs from such incidents have consistently risen since the 2017 survey.

Among the 32 per cent of businesses recording cyber breaches, 30 per cent of cases resulted in a negative outcome, such as a loss of data or assets. The figure for charities was 21%.

For businesses suffering these kinds of negative outcomes, the average cost to them was £4,180 in 2019 – higher than in 2018 (£3,160) and 2017 (£2,450).

Once again, the average cost faced by larger businesses tends to be much higher (£9,270 for medium firms and £22,700 for large firms). And for charities facing such negative outcomes from breaches, the average cost was £9,470.

3: Stepping up cyber defences

One positive thing to take from the survey is that more businesses and charities have taken steps to improve their cyber security. This is partly linked to the introduction of the GDPR, the report states.

78% of businesses and 75% of charities say that cyber security is a high priority for their organisation’s senior management. These proportions are higher than in 2018 (when it was 74% of businesses and 53% of charities).

Alongside this change in attitudes, there have also been various shifts in behaviour and action taken:

  • More businesses (57% vs 51% in 2018) and charities (43% vs 27%) update their senior management on actions taken around cyber security at least once a quarter.
  • Written cyber security policies are more common both among businesses (33% vs 27%) and charities (36% vs 21%).
  • Businesses (27% vs 20%) and charities (29% vs 15%) are more likely to have had staff attend cyber security training in the last 12 months.

Over half of all businesses (56% vs 51%) and two-fifths of charities (41% vs 29%) say they have implemented controls in all the five technical areas listed under the Government’s Cyber Essentials scheme.

4: Working with suppliers

“There is still more that organisations can do to protect themselves from cyber risks,” states the survey’s summary. “This includes taking important actions that are still relatively uncommon, around board-level involvement in cyber security, monitoring suppliers and planning incident response.

“In some areas, the increasing prioritisation of cyber security has not always been matched by increased engagement and action.”

  • 35% of businesses and 30% of charities have a board member or trustee with specific responsibility for cyber security. For businesses, this is higher than in 2018 (30%), but the proportion remains low overall.
  • 18% of businesses and 14% of charities require their suppliers to adhere to cyber security standards. In the qualitative interviews, some had not considered suppliers as a potential source of cyber risk before.
  • Only 16% of businesses and 11% of charities have formal cyber security incident management processes in place.

5: Where to look for help

Organisations are open to receiving guidance for these areas, and for other aspects of cyber security. But the survey found that they expect such guidance to be pushed out to them.

  • 59% of businesses and 47% of charities have sought external information or guidance on cyber security in the past 12 months.
  • But only 7% of businesses and 9% of charities have sought information or guidance from the Government or public-sector bodies, such as the National Cyber Security Centre.
  • Most of these businesses (75%) say this information has been useful – but the qualitative evidence suggests that organisations do not recognise a need to seek this information out for themselves.

What do you do now?

The survey states that one plausible explanation for fewer businesses identifying breaches is that they are becoming more cyber secure and have increased their planning and defences against cyber-attacks since 2018.

We like to think that CertiKit has played a part in that. Our toolkits guide organisations through the process of applying for various certifications, including those related to cyber security, in a simple step-by-step process.

Here are three toolkits which could help:

Cyber Essentials: This toolkit is designed to help implement the five key controls of Cyber Essentials quickly and effectively.

The controls cover firewalls, passwords, administrator accounts, malware and security updates. Certification lets your customers know you’re serious about cyber security, and opens up the doors to enable you to bid for certain Government contracts.

ISO27001: While Cyber Essentials is a relatively simple scheme in the UK and Canada, the ISO27001 International Standard takes things to the next level by helping you create and run your own Information Security Management System.

Again, our toolkit takes you through the process of applying for the standard. We at CertiKit are certified to the ISO27001 Standard and Cyber Essentials, so we don’t just talk the talk, we live it.

GDPR: Finally, our GDPR Toolkit can help you meet the requirements of the EU’s General Data Protection Regulation. The survey itself states that the law’s introduction has led to organisations stepping up their cyber security.

The GDPR covers the privacy of EU citizens and what steps organisations must take to protect their personal data. Again, our toolkit will guide you through what needs to be done to ensure compliance.

Visit our blog for recent news updates on all three of these CertiKit toolkits.
