March 29, 2021
Respondents to the Survey were asked about their approach to cyber security and any breaches or attacks over the 12 months before the interview. Main survey interviews took place between October and December 2020. Qualitative follow up interviews took place in January and February 2021.
The Survey found that two in five businesses (39%) and a quarter of charities (26%) reported having cyber security breaches or attacks in the last 12 months. The Survey also showed that the cyber risk to organisations is heightened because of the coronavirus pandemic, which has made securing digital environments more challenging as organisational resources are diverted to facilitating home working for staff.
The Government is now encouraging businesses, charities and educational institutions to follow the free help and guidance from the UK cyber security experts at the National Cyber Security Centre (NCSC). It includes advice on the secure use of video conferencing, secure home working and how to move a business from physical to digital.
The Survey showed that fewer businesses are using security monitoring tools to identify abnormal activity which could indicate a breach, suggesting that firms are less aware than before of the breaches and attacks staff are facing. The figure has dropped 5% since last year to one in three firms (35%). Only 83% of businesses have up-to-date anti-virus software, also down 5% from the previous year.
The most common breaches or attacks were phishing emails, followed by instances of others impersonating their organisation online, viruses or other malware including ransomware. Where a breach has resulted in a loss of data or assets, the average cost of a cyber attack on a business is £8,460. This figure rises to £13,400 for medium and large businesses.
The figures also revealed that nearly half of businesses (47%) have staff using personal devices for work, but only 18% have a cyber security policy on how to use those personal devices at work. Less than a quarter of businesses (23%) have a cyber security policy covering home working.
Despite the challenges of the pandemic, cyber security remains a high priority for business leaders. More than three quarters (77%) of businesses say cyber security is a high priority, up 12% from the 2016 report.
The Government is investing £1.9 billion in the National Cyber Security Strategy over five years to support a prosperous digital economy. This includes delivering a programme to improve businesses’ cyber resilience, set high industry standards and provide organisations with expert advice and guidance. To read the Government’s press release in full and for access to the Survey, click here.