Every organisation understands the need to protect themselves from cyber attacks and breaches, but do you fully understand why? In this article, we examine the Government’s latest Cyber Security Breaches Survey and its findings, and explain why Cyber Security should be at the forefront of every CIO and IT Manager’s mind.
Cyber attacks
Over the past 12 months, 39% of UK businesses identified a cyber attack – and although slightly down from the previous five years, there is evidence to suggest that less cyber-mature organisations are underreporting, meaning the exact percentage could be higher.
Of the 39%, the most common source of attack with an eye-watering 83%, was phishing attempts and one in five (21%) were victims of more serious attacks such as denial of service, malware and ransomware attacks – with 56% of businesses having a policy of NOT paying ransoms.
Frequency, impact and cost
A combined 57% of organisations and charities who reported cyber attacks advised these occurred on a weekly basis, with 39% saying they experienced a negative impact due to a cyber attack.
When taking monetary losses into account, it is estimated that on average, medium to large organisations experienced a financial loss of £19,400 over the past 12 months. The National Cyber Security Centre did however acknowledge they do lack a framework for financial impacts which may lead to underreporting.
Board engagement and risk management
At board level, four out of five (82%) senior management teams within UK businesses recognise Cyber Security as either a “very high” or “fairly high” priority, which is up by a massive 77% from last year. As cyber crime increases, board members expect to be updated on security matters at least quarterly, with 80% of large organisations reporting this fact.
With regards to risk management, 63% conducted a risk assessment within their business and 61% carried out staff training around Cyber Security. What should come to no surprise is that 54% of those surveyed have acted over the past 12 months, with most businesses implementing a security monitoring tool to quickly identify threats. The survey does however show a lack of board understanding, meaning many risks were either ignored or not taken seriously enough to act.
Outsourcing, supply chain and incident management
Although many organisations surveyed understand the threats and pitfalls of cyber attacks, 60% of large businesses would rather outsource their Cyber Security to a trusted partner rather than deal with it in-house – and, scarily, only 19% have an incident response plan! Out of all organisations who contributed to the survey, many showed a reactive approach and only contacted board members or made plans against attacks after the fact.
What does this mean for your organisation?
Cyber attacks, breaches and threats can be a scary thought for any organisation, but if you decide to only reactively implement a security plan after an attack, you may experience negative impacts such as data loss, financial loss or worst of all, reputation damage.
With so many businesses having policies which do not allow the payment of ransoms, but most also experiencing some sort of cyber attack on a weekly basis, doesn’t it make sense to partner with experts who you can trust? At Daisy, we have Cyber Security specialists who can advise, consult and help you implement a solution which will minimise the threat of future cyber attacks and breaches.
Check out our Cyber Security portfolio or speak to one of our specialists by calling 0344 863 3000.
Source: Cyber Security Breaches Survey