According to the latest government survey on cyber security breaches, 50% of UK businesses and less than 30% of charities have experienced cyber attacks or data breaches in the past year. The numbers are significantly higher than the previous year’s statistics, but changes to the survey question make direct comparisons difficult. The most common types of incidents reported were phishing, impersonation attempts, and viruses or malware. The average cost of the most disruptive incident was £1,205 for organizations that experienced attacks. The survey also revealed improvements in cyber security hygiene, such as the implementation of controls, policies, and tools. However, the survey highlighted areas of concern, including the lack of cyber security awareness and buy-in at senior levels, inadequate supply chain security measures, and low incident reporting rates. The survey also showed a decline in organizations following external guidance or achieving cyber security certification. Industry experts expressed disappointment with the lack of focus on cyber security, particularly among smaller businesses, and criticized the lack of incident response plans and appropriate record keeping. They also questioned the accuracy of the survey’s financial cost estimates for cyber incidents and warned against complacency. Experts stressed the importance of implementing essential security controls, improving cyber hygiene, and attaining continuous visibility and control over cyber risks. They emphasized the role of CISOs in risk management and communication with stakeholders.
Menu
