25 Apr Government: Half Of UK Businesses Suffered Security Breach Last Year
Government report highlights the security threats facing businesses and the impacts of being breached
The average UK business identified 998 security breaches in the last 12 months and 13 percent were breached daily, according to a survey commissioned by the Department for Culture, Media and Sport (DCMS) as part of the National Cyber Security Programme.
The survey lays bare the security threats facing businesses. For example, just under half (46 percent) of all businesses suffered at least one cyber security breach or attack within the same timeframe, rising to 66 percent for medium firms and 68 percent for large organisations.
The survey found that businesses which hold electronic personal data on customers are more likely to have suffered a breach (51 percent compared to 46 percent), with the most common type of breach related to staff receiving fraudulent emails, cited in 72 percent of cases.
This was followed by viruses such as spyware and malware (33 percent), outsiders impersonating employees in emails or online (27 percent) and ransomware (17 percent).
Security breaches can impact organisations in several different ways, with perhaps the most obvious being the financial cost. Among the 46 per cent of businesses that detected at least one breach in the last 12 months, the average business faces costs of £1,570 as a direct result.
As you would expect this is much higher for the average large firm, coming in at £19,600, but medium firms (£3,070) and small firms (£1,380) also incur substantial costs from being breached.
Of course, not all impacts are material in nature. 41 percent of businesses who identified a breach – representing nearly a fifth (19 percent) of all UK businesses – said they had been directly impacted in some way.
These outcomes include the temporary loss of files or network access (23 percent), systems becoming corrupted (20 percent), being forced to implement new protective measures (38 percent) and having staff time taken up in dealing with and responding to the breach (34 percent).
Despite all this, the reporting of breaches still leaves a lot to be desired, something which will have to change when the Global Data Protection Regulations (GDPR) are introduced next year.
Only a quarter (26 percent) of businesses reported their most disruptive breach to anyone other than a cyber security provider, suggesting that organisations lack awareness of who to report to and the reasons behind breach reporting.
The positive of all this is that 74 percent of UK businesses say cyber security is now a high priority for their senior management, with 31 percent saying it is a very high priority. Those viewing security as a very low priority has dropped from 13 percent to just 7 percent, which the report notes is “a change mainly seen among the micro and small business population”.
Businesses are also actively taking steps to improve their defences, whether that be through seeking guidance or investing in security.
Over half (58 percent) or business sought information, advice or guidance on cyber threats facing their organisation over the past year, turning to the likes of extrenal consultants (32 percent) and online searches (10 percent).
An even higher percentage have increased their financial investment, with 67 percent of businesses spending money on their cyber security, a figure which is also higher for medium (87 percent) and large firms (91 percent).
A third of businesses now have a formal policy that covers cyber security risks, 29 percent have made specific board members responsible for cyber security and 20 percent have sent staff for training.
However, there are still some gaps. Only 11 percent of firms have a cyber security incident management plan in place, 37 percent have segregated wireless networks or any rules around data encryption and just 13 percent require suppliers to adhere to specific security standards.
“The Cyber Security Breaches Survey series shows that cyber security is an issue that affects UK businesses of all sizes and sectors”, the report concludes, which comes hot on the heels of yesterday’s report finding that one in five UK businesses has suffered a cyberattack.