A majority of large businesses (74 per cent), medium-sized businesses (70 per cent) and high-income charities (66 per cent) reported having experienced a cyber security breach or attack over the past year, according to the government’s annual survey on the issue.

Respondents said that the most common form of breach was phishing – businesses 84 per cent and charities 83 per cent. This was followed by others impersonating organisations (35 per cent) and viruses and malware (17 per cent).

Controls rising

“The most common cyber threats are relatively unsophisticated, so government guidance advises businesses and charities to protect themselves using a set of ‘cyber hygiene’ measures,” the report said. “A majority of businesses and charities have a broad range of these measures in place.” 

Unlike in previous years’ surveys, the proportion of businesses reporting that they had put controls and procedures in place was up. For example, 83 per cent of respondents said they were using up-to-date malware protection compared with 76 per cent last year.

Risk management

“Businesses are more likely than charities to take actions to identify cyber risks,” the report said. In particular, large companies are the most advanced. For example, while 72 per cent of large businesses and 63 per cent of medium-sized businesses had conducted risk assessments over the past 12 months, only 26 per cent of charities had carried out the same task.

Supply chain cyber risk is relatively neglected – even among large businesses, fewer than half (48 per cent) said they had assessed the risk posed by immediate suppliers. Overall, just one in 10 businesses said they carried out cyber security reviews of key suppliers.

“The qualitative interviews suggest that organisations have an increasing awareness of the cyber security risks posed by supply chains,” the report said. “Despite this, organisations, particularly at the smaller end, tend to have limited formal procedures in place to manage cyber risks from wider supply chains.”

Costs

Cyber breaches are not necessarily that expensive to deal with – excepting high-profile cases and the potential damage to reputation. On average, a single breach cost about £1,205 – large and medium-sized businesses said it was about £10,830.