Nearly half of UK businesses suffered a cyber attack or breach in the last 12 months

The UK government’s Cyber security breaches survey 2017 was published today. We have always been very supportive of this annual survey and were again happy to endorse the fieldwork.

The findings this year are pretty consistent with our experience when speaking to members and others in the field. It finds that just under half of businesses suffered cyber-attacks or breaches in the last 12 months. Attacks and breaches are more common as businesses get bigger and in certain sectors. But the results make clear that this impacts on businesses of all sizes and in all sectors – a point made by my colleague just earlier this week in his blog.

Some of the findings that particularly resonated with me: 

  • Higher awareness - it is good that awareness and prioritisation of cyber security continues to go up, especially in smaller businesses. This is being driven by primarily by experience, and the real impact that attacks such as ransomwear are having
  • GDPR - the low level of awareness around GPDR, especially in smaller businesses, is worrying and highlights the amount of work to be done in the coming months to get all businesses ready for implementation. Concerns about small business readiness were raised by the Information Commissioner in our lecture in January, and we have a range of guidance to help on this topic.
  • Boards - the importance of senior level leadership backs up the findings of our Audit Insights work over the last few years. Where board members are educated about cyber risks, they can play a big role in sharing good practices and knowledge across businesses.
  • Information and advice - it is disappointing to see a very low level of awareness around the government’s cyber resources. Only 4% of those surveyed mentioned using government resources and we hope that the National Cyber Security Centre can help to get the message out more clearly.

The full report contains a lot of detailed and very interesting analysis around cyber security practices, attitudes and experiences in businesses, and we hope to pick up on some of the themes in more detail in future blogs.