39% of UK businesses identified a cyber attack in the last 12 months
Issued on 30th March 2022, the latest Cyber Security Breaches Survey has revealed that 39% of UK businesses identified a cyber attack in the last 12 months. The survey also highlighted the fact that enhanced cyber security leads to higher identification of such attacks and that organisations with a less mature cyber security measures may have a tendency to underreport.
What is the Cyber Security Breaches Survey?
Now in its sixth consecutive year, the Cyber Security Breaches Survey is a government research study for UK cyber resilience. Aligned with the National Cyber Strategy it helps to inform government policy on cyber security with the aim of making the UK cyber space a secure place in which to do business.
Exploring the various policies, processes and approaches to cyber security that businesses, charities and educational establishments have in place, it also takes into account the different cyber attacks they have to face and the impact and response to them.
What were the most common types of cyber attack?
Phishing attempts at 83% accounted for the highest number of identified cyber attacks. Denial of service, malware and ransomware attacks stood at 21% but, despite its low prevalence, organisations referred to ransomware as a key threat. 56% businesses taking part in the survey also stated that they had a policy not to pay ransoms.
How often were cyber attacks identified?
Perhaps one of the most alarming findings of this year’s survey is that, of the organisations reporting cyber attacks, 31% of businesses and 26% of charities assessed that an attack took place at least once a week. What’s more, one of five businesses stated that they felt that the attack resulted in a negative outcome and one third of businesses experienced at least one negative impact.
The financial impact of cyber attacks
Based on the material outcome – be that loss of money or data – the average estimated cost of all cyber attacks over the last 12 months equates to £4,200. However, that figure increases to £19,400 if only medium and large businesses are considered. The caveat in this area is that there is still a lack of a standard framework for calculating the financial impact of a cyber attack so this has the potential to lead to underreporting.
What can be done to prevent a cyber attack?
It was refreshing to read that 49% of the businesses participating in the survey had acted in 5 of the 10 areas outlined in the National Cyber Security Centre’s ‘10 Steps to Cyber Security’ but this needs to be 10 out of 10! This guidance is specifically designed to help companies protect themselves in cyberspace and is great place to start if you haven’t already implemented a cyber security policy.
It is also well worth implementing Cyber Essentials, a scheme backed by government and industry that is designed to help organisations to protect themselves against a range of common cyberattacks. The Cyber Essentials scheme facilitates the achievement of two levels of certification: Cyber Essentials and Cyber Essentials Plus. The first is a self-assessment option offering protection against the most common cyberattacks. The latter is an extension of Cyber Essentials and demands the completion of a hands-on technical verification.
Get protected today!
If you have any questions about cyber security and how best to protect your business, or if you’d like support to gain Cyber Essentials certifications, please get in touch. Call us 0333 358 2222 or email [email protected] and we’ll get your business protected.