An update on Cybersecurity in the UK
The government has published the results of the Cyber Security Breaches Survey 2019. This looks at how UK organisations approach cybersecurity, and the impact of breaches.
Trends in cybersecurity in the UK in 2019
According to this report:
Cyber-attacks are a persistent threat to businesses and charities
Around a third of businesses and two in ten charities report having cybersecurity breaches or attacks in the last 12 months. Among those organisations facing breaches or attacks, the most common types are:
- Phishing attacks
- Others impersonating an organisation in emails or online
- Viruses, spyware or malware, including ransomware attacks.
For businesses, the proportion identifying breaches or attacks is lower than in 2018. The survey is unclear on why this has happened. It could be because companies are generally becoming more cyber secure. However, another possibility is that more attacks are being focused on a narrower (though still numerous) range of businesses. The survey also suggests that some companies may be less willing to admit to having cybersecurity breaches following GDPR.
Where businesses have lost data or assets through cyber security breaches, the financial costs from such incidents have consistently risen since 2017
When looking at cybersecurity in the UK, the report states that among those businesses recording breaches or attacks, in 30% of cases this resulted in a negative outcome (e.g. a loss of data or assets). For charities, this happened 21% of the time.
The average cost to a business which lost money following a cyber-attack was £4,180. This is higher than in 2018 (£3,160) and 2017 (£2,450). However, for larger firms this jumped to £22,700 in 2019. For charities, the average cost was £9,470.
So, the costs of cybersecurity breaches can be substantial. But more than this, the survey also states that: "the indirect costs, long-term costs and intangible costs of breaches - things like lost productivity or reputational damage - tend to be overlooked. This means that, when organisations reflect on their approaches to cybersecurity, they may be undervaluing the true cost and impact of cyber security breaches".
More businesses and charities than before have taken positive steps to improve their cybersecurity
This is in part linked to the introduction of GDPR. However, while this report found that security is increasingly a priority issue for organisations (78% of businesses and 75% of charities), it does not appear that actions are reflecting this shift.
In fact, only 30% of businesses and 37% of charities have made improvements to their cybersecurity since GDPR.
Of those who have made improvements in a bid to stop cyber-attacks and data breaches:
- 60% of businesses and charities have created new policies
- 15% of businesses and 17% of charities have had extra staff training or communications
- 6% of businesses and 10% of charities have improved their contingency plans.
However, in more positive news, there are year-on-year improvements in these areas.
There is still more that organisations can do to protect themselves from cyber risks
So, the increasing prioritisation of cybersecurity has not always been matched by increased engagement and action. In fact, according to the findings:
- Just 35% of businesses and 30% of charities have a board member or trustee with specific responsibility for cyber security
- Only around 18% of businesses and 14% of charities require their suppliers to adhere to any cyber security standards
- Just 16% of businesses and 11% of charities have formal cyber security incident management processes in place.
Organisations are open to receiving guidance or checklists. However, they expect such guidance to be pushed out to them
Today, UK organisations are open to improving their cybersecurity processes, but they still appear to be reluctant to take responsibility for doing this. Just 59% of businesses and 47% of charities have sought external information or guidance on cybersecurity in the last 12 months.
You can read the report in full here.
Helping individuals and organisations to become more cyber aware and cyber safe
Hayes Connor Solicitors is a niche firm operating in the data breach sector. We help our clients to claim the compensation they deserve following data protection breaches and other cyber offences such as computer fraud, identity theft, defamation, hacking and phishing scams.
This is a relatively new and evolving area of law, and our specialist solicitors lead our field when it comes to understanding the complexities involved.
We make sure our clients have as much information as possible before claiming so that they feel fully informed at all times. And we provide a wide range of information to help our clients protect themselves once a breach has occurred. We also raise awareness of the growing threat of cybercrime and data breaches, as the more people are aware of the risk, the better-protected everyone will be.
For advice on how to keep your data safe, follow us on Twitter and Facebook. Or, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.