HomeInsightsGovernment publishes Cyber Security Breaches Survey 2019

Article by

The annual survey from the Department for Digital, Culture, Media and Sport has shown a reduction in the percentage of businesses suffering a cyber breach or attack in the last year.

The Survey shows that 32% of businesses identified a cyber security attack in the last 12 months, which is down from 43% the previous year.

The Government says that the reduction is partly due to the introduction of tough new data laws under the Data Protection Act 2018 and the General Data Protection Regulations (GDPR). 30% of businesses and 36% of charities have made changes to their cyber security policies and processes as a result of the GDPR coming into force in May 2018.

However, of those businesses that did suffer attacks, the typical median number of breaches has risen from four in 2018 to six in 2019. Therefore, businesses and charities suffering cyber attacks and breaches appear to be experiencing more attacks than in previous years.

Where a breach has resulted in a loss of data or assets, the average cost of a cyber attack on a business has gone up by more than £1,000 since 2018 to £4,180. The Government is urging business leaders to do more to protect themselves against cybercrime.

The most common breaches or attacks were phishing emails, followed by instances of others impersonating their organisation online, viruses or other malware including ransomware.

The Government says that the threat of cyber attacks remains “very real and widespread in the UK”. The figures also show that 48% of businesses and 39% of charities who were breached or attacked identified at least one breach or attack every month.

Small businesses and charities are being urged to take up tailored advice from the National Cyber Security Centre. All businesses should consider adopting the Ten Steps to Cyber Security, which provides a comprehensive approach to managing cyber risks. Implementation of the 10 Steps will help organisations reduce the likelihood and cost of a cyber attack or cyber related data breach.

Organisations can also raise their basic defences by enrolling on the Cyber Essentials initiative and by following the regularly updated technical guidance on Cyber Security Information Sharing Partnership available on the NCSC website. To read the Government’s news release in full and for a link to the Survey, click here.