Insights Government publishes Cyber Security Breaches Survey 2022

The Government is urging businesses and charities to strengthen their cyber security practices now as the Survey shows that the frequency of cyber-attacks is increasing. Almost one in three businesses (31%) and a quarter (26%) of charities suffering attacks said that they now experience breaches or attacks at least once a week.

However, although the Survey shows that the frequency of cyber-attacks is rising, the number of businesses which experienced an attack or breach remained the same as 2021 levels. Almost a third of charities (30%) and two in five businesses (39%) reported cyber security breaches or attacks in the last 12 months.

The National Cyber Security Centre (NCSC) has also issued a note stating that it is not aware of any current specific cyber threats to UK organisations in relation to events around Ukraine but is encouraging organisations to follow its guidance to reduce the risk of falling victim to an attack. Small businesses should adopt the Cyber Essentials scheme to protect against the most common cyber threats, such as phishing attacks, and use the Small Business Guide to improve cyber security practices. Larger organisations should use the Board Toolkit to get company executives to act on cyber resilience, and charities should follow the Small Charity Guide to boost cyber security operations.

Following a wave of high-profile attacks over the past year including on Kaseya, Colonial Pipeline and Microsoft Exchange, the Government says that there has been increased attention on the cyber security of supply chains and digital services. As a result, according to the 2022 Survey, four out of five senior managers (82%) in UK businesses now say that they see cyber security as a “very high” or “fairly high” priority, up from 77% in 2021. This is a significant increase and the highest figure seen in any year of the cyber security breaches survey.

The 2022 Survey also found that 40% of businesses and almost a third of charities (32%) are using at least one managed service provider, but only 13% of businesses reviewed the risks posed by immediate suppliers.

The Government is aiming to strengthen critical businesses’ cyber resilience by updating the Network and Information Systems (NIS) Regulations 2018, which set out cyber security rules for essential services, such as water, energy, transport, healthcare and digital infrastructure. The Government says that this will make sure the legislation remains effective and keeps pace with technology. It includes proposals to expand the NIS Regulations to include managed service providers which essential and digital services depend on to operate, to minimise the risk of attacks. To read the Government’s press release in full and for a link to the 2022 Survey, click here.