The Cyber Security Breaches Survey 2019 from the Department for Digital Culture, Media & Sport (updated on 1 July 2019) makes for a sobering read, as it analyses how UK businesses and charities have been affected by cyber security threats over the last year. It is intended to help businesses understand the nature of the current cyber security threats, as well as what other organisations are doing to protect themselves.
Some of the key conclusions from the Survey include:
- the businesses which have the most sophisticated approaches to dealing with cyber threats tend to be the ones which take a "holistic" approach to such risks, considering the reputational issues, business continuity risks, and damage to client/supplier relationships alongside the purely financial/IT related risks;
- there are big differences between the way businesses in different sectors/industries respond to cyber threats, with the food/hospitality and construction sectors the least likely to take preventative measures to minimise their cyber risks;
- very few micro and small businesses have any written cyber security policies or procedures in place, and many do not provide any cyber awareness training either;
- that said, even large businesses reported that 41% still do not have a board member with specific responsibility for cyber security issues, and most businesses are still not systematically considering potential cyber security risks in their supply chain.
Perhaps most concerning is the finding that although the overall number of identified cyber breaches seems to have fallen, those cyber attacks which are successful in penetrating a business' defences are causing more significant business disruption and more severe financial consequences than in previous years. This trend suggests that cyber attacks are becoming more targeted (and damaging), as they move away from the old "scattergun" approach.
If you have any queries about how to reduce your business' cyber risks, or what to do if you have been a victim of cyber fraud, please get in touch with me at firstname.lastname@example.org.
32% of UK businesses have identified a cyber security breach or attack in the last 12 months, with almost half of them suffering at least one breach or attack a month