Cybersecurity report finds more focused and frequent breaches or attacks
The government's annual Cybersecurity Breaches Survey 2019 has revealed that the overall figures for identified data breach or cybersecurity incidents had decreased from 43% in 2018 to 32% in 2019, however, the average number of known incidents had tripled from two in 2017 to six in 2019.
Commissioned by the Department for Digital, Culture, Media & Sport, the report found that nearly a third (32%) of businesses had identified a cybersecurity breach or attack during the previous 12 months. Nearly half of those (48%) had identified at least one breach or attack per month.
The study found that data breaches and cyber-attacks were more prevalent within medium sized businesses (60%) and large organisations (61%).
Kingsley Hayes, managing director at data breach and cybersecurity specialist Hayes Connor Solicitors, said: "The report highlights that cyber attacks and data breaches are more focused and frequent. There are several factors influencing the figures from increased awareness and reporting in the advent of GDPR, to a growing number of organisations addressing cybersecurity on a more strategic level."
"It is no surprise that medium and large organisations are more vulnerable with the volume of data held attractive to cyber criminals and large staffing numbers increasing the chances of human error leading to a serious data breach."
"The report has revealed a positive trend in organisations taking cybersecurity more seriously, GDPR has no doubt greatly influenced changing behaviours by increasing awareness and accountability."
The survey found that since GDPR came into effect, nearly a third (30%) of businesses had made changes to their cybersecurity. Three fifths (60%) had created new policies; 15% delivered additional staff training and communication; 11% changed their organisation's firewall or system configuration and 6% had created contingency plans.
Kingsley Hayes continued: "It is positive to see that some businesses are taking robust steps to protect their data and assets however, the report exposes that there are still a vast majority who are still not implementing all the preventative measures required to protect their business, their customers and their reputation."
The survey reported that the most common data breaches were phishing attacks, organisations being impersonated online or via emails and viruses, spyware or malware.