UK Government publishes annual Cyber Security Breaches Survey
- Published: Tuesday, 09 April 2019 12:40
The Cyber Security Breaches Survey is a quantitative and qualitative survey of UK businesses and charities which is published each year by the Government, providing a useful record of how cyber attacks have developed.
This year's report was published by the Department for Digital, Culture, Media & Sport and was supported by Ipsos MORI and the University of Portsmouth.
Key findings include:
- Fewer businesses have identified breaches or attacks than in previous years, but the businesses that have identified attacks are typically experiencing more of them.
- Around a third (32 percent) of businesses report having cyber security breaches or attacks in the last 12 months. As in previous years, this is much higher specifically among medium businesses (60 percent), large businesses (61 percent) and high-income charities (52 percent).
- The report says that ‘one plausible explanation for fewer businesses identifying breaches is if they are generally becoming more cyber secure. The survey shows that businesses have increased their planning and defences against cyber attacks since 2018. This may have resulted in fewer attacks overcoming their systems, and fewer businesses recording any cases. Another possibility is a change in attacker behaviour, with more attacks being focused on a narrower (though still numerous) range of businesses.’ Alternatively, ‘the trend may, in part, be explained by a change in the way business responded to the survey question’, with GDPR leading to some businesses becoming less willing to admit to having cyber security breaches.
- Where businesses have lost data or assets through cyber security breaches, the financial costs from such incidents have consistently risen since 2017. However, qualitative findings suggest that indirect costs, long-term costs and intangible costs of breaches tend to be overlooked, meaning that organizations may be undervaluing the true cost and impact of cyber security breaches.
- Around three-quarters of businesses (78 percent) say that cyber security is a high priority for their organization’s senior management. This is higher than in 2018, when it was 74 percent of businesses, and reflects a longer-term upwards trend going back to 2016 (when it was 69 percent).
- Just over a third of businesses (35 percent) have a board member specific responsibility for cyber security. This is higher than in 2018 when it was 30 percent.
- Very few organizations (16 percent of businesses) have formal cyber security incident management processes in place.
Read the report (PDF).