2020 Cyber Security Breaches Survey results published by UK Government
- Published: Friday, 27 March 2020 09:14
The UK Department for Digital, Culture, Media & Sport has released the results of the annual survey of cyber security breaches across UK organizations. The Government surveyed UK businesses and charities to find out they approach cyber security and help Government learn more about the cyber security issues faced by industry. The research informs Government policy on cyber security and how Government works with industry. This year’s report also surveyed the education sector for the first time.
Key findings include:
- The extent of cyber security threats have evolved and become more frequent. Almost half of businesses (46 percent) and a quarter of charities (26 percent) report having cyber security breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (68 percent), large businesses (75 percent) and high-income charities (57 percent).
- Among the 46 percent of businesses that identify breaches or attacks, more are experiencing these issues at least once a week in 2020 (32 percent, vs. 22 percent in 2017).
- The nature of cyber attacks has also changed since 2017. Over this period, there has been, among those identifying any breaches or attacks, a rise in businesses experiencing phishing attacks (from 72 percent to 86 percent), and a fall in viruses or other malware (from 33 percent to 16 percent).
- Organizations have become more resilient to breaches and attacks over time. They are less likely to report negative outcomes or impacts from breaches, and more likely to make a faster recovery. However, breaches that do result in negative outcomes still incur substantial costs. Among the 46 per cent of businesses that identify breaches or attacks, one in five (19 percent) have experienced a material outcome, losing money or data. Where businesses have faced breaches with material outcomes, the average (mean) cost of all the cyber security breaches these businesses have experienced in the past 12 months is estimated to be £3,230. For medium and large firms, this average cost is higher, at £5,220.
- Over the last five years, there has been greater board engagement in cyber security and increased action to identify and manage cyber risks. These improvements may underpin the fact that organizations have become more resilient.