Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

The Cyber Security Trends of 2021

The UK Government have released the 2021 Cyber Security Breach Data Report showing the cyber trends for businesses and charities in the UK, and it is an interesting read for us all.

The good news is the percentage of businesses identifying cyber security breaches is down from 2020 which was 46% to now 39% in 2021. There is still room for improvement to reduce this number further starting with increasing awareness and a proactive approach.

Here we share the trends identified, followed by tips on how to reduce the risks within your organisation.

1) Unprepared staff is common issue

A low 14% of businesses reported training staff on cyber security resilience, and just 20% have tested their staff responses, for example to mock phishing scams.

Awareness is key within any organisation for prevention, and this can be implemented by a range of different resources – an online staff training programme or regular presentations from your inhouse cyber specialists could be useful.

With phishing scams accounting for over 80% of identified attacks, we would like to share with you our partners at Cofense. Their leading intelligence software solution allows your people to recognise phishing attacks and stop them in minutes. Cofense’s end-to-end phishing defence solution combines cutting-edge technology with collective human intelligence to protect your organisation from inbox to the Security Operations Centre. Offering exclusive deals via our website, click the button below to find out more.

Find out more about Cofense

2) COVID-19 has made cyber security practises more difficult to manage

With resources stretched and other priorities taking over, the survey identified that fewer businesses are up to date with their cyber protection. Only 83% reported up to date malware protection, down from 88% in 2020, and only 78% for network firewalls compared to 83% in 2020.

Testing, regular updates and monitoring is key to ensuring your cyber security practises are up to date. Making all staff aware of keeping their devices updated and taking the time to complete the updates when one becomes available is good practise.

As an additional measure if you have the resource available, scheduling a monthly testing and monitoring session where all protections and firewalls are checked is another way of reducing your business risk to cyber crime.

3) COVID-19 has increased the use of own devices

Fewer firms have rules in place preventing staff using personal devices for work, now 64% in 2021 from 69% in 2020.

The increase in home working due to the pandemic has likely impacted the number of staff using their own devices for work. If your organisation requires this type of working, make sure that controls are put in place to reduce risk.

Ensure that phone devices used are within their support period, for example the iPhone 6s is due to run out this year and will be more vulnerable to risk.

Similarly, if your colleagues are using their own laptops, ensure their version of Windows is current and advise on regular updates. A strong anti-virus and malware protection would also be a good measure to ensure all hardware is secured.

4) Businesses need to better prepare for future uncertainties

Of the organisations surveyed, only 31% had business continuity plans that included cyber security and just 15% had completed an audit of their cyber security vulnerabilities.

These low statistics will directly impact the number of breaches occurring. Without audits completed to identify risks and then plans in place to prevent or reduce the impact, it is likely organisations are falling short of basic cybercrime preventative measures.

If you are not yet identifying and assessing risks, as a starting point we would recommend working through the five controls of Cyber Essentials, a UK government scheme to enhance the cyber security within organisations, suitable for any size or sector. Whilst this a UK-based scheme, organisations worldwide are also implementing the controls as good practise.

The five controls include:

  1. Office Firewalls and Internet Gateways: Secure your internet connection with boundary and host-based firewalls.
  2. Secure Configuration: Settings, passwords, and two-factor authentication.
  3. User and Administrative Accounts: Protecting administrators and limiting access to data and services.
  4. Malware Protection: Viruses, white-listing and sandboxing.
  5. Software Patching: Keep your devices and software up to date.

You can find out more about the scheme via our simple guide to Cyber Essentials.

5) Cyber security remains a high priority

Despite other priorities this past year (global pandemic), 77% of businesses identify cyber security as a high priority within their senior management. (Up from 69% in 2016).

Regardless of good intentions, it can be often difficult to know where to start or what controls to put in place depending on your circumstances.

As mentioned above if you are new to cyber security, Cyber Essentials is a good starting point. However, if your organisation requires a more thorough approach aligning or certifying to ISO27001 for Information Security Management is a good option. It is a risk-based approach and helps identify potential issues and solutions within your business in a controlled and accountable way. You’ll be required to work through the 114 reference controls contained in Annex A. This is a set of good-practice ideas that you can use to make your organisation more secure, and they are organised into 14 areas such as information security policies, human resource security, access control and incident management, to name but a few.

You can find out more about the standard via our simple guide to ISO27001.

How can CertiKit help?

We have complete toolkits to assist complying to Cyber Essentials and ISO27001. Written by a CISSP-qualified audit specialist with over 30 years’ experience, our toolkits include all the documentation and guidance you will need without having to hire a qualified cyber security expert.

View ISO27001 Toolkit

View Cyber Essentials toolkit

We’ve helped more than 4000 businesses with their compliance


Compared to competing toolkits, your ISO27001 document structure was very good. The provided "Introduction" of each was useful (I have moved those out of the core documents and into a more comprehensive manual) for the general audience vs security staff. The inclusion of references to 27017 and 27018 were appreciated. You provided more "ISMS-C" oriented artefacts than competitors.

Trusted By Design Inc.

View all Testimonials