Skip to content
Survey, results, magnifying glass
Survey, results, magnifying glass

News -

Cyber security moves up the agenda, but one in three businesses suffer weekly cyber attacks according to new UK government report

Cyber security is now seen as a high priority for more businesses than ever before, according to new research from the Department for Culture, Media and Sport (DCMS) in the UK.

Yet, the Cyber Security Breaches Survey 2022 also found one in three businesses (31%) now experience breaches or attacks at least once a week.

This increase comes as many of the metrics by which DCMS measure cyber resilience have either flatlined or declined over the past two years – and businesses’ overall ability to mitigate against the effects of attacks has actually levelled off.

Businesses are now less capable of identifying breaches than they were two years ago, and also tend to take a more informal approach to incident management, with fewer than one in five businesses having a formal incident management plan, for example.

What’s more, only 6% of businesses have the Cyber Essential certification, and fewer than one in ten organisations actively monitor risks within their supply chain.

This dip comes alongside a growing trend of organisations not publicly discussing their cyber security profile. This could be due to reputational concerns or being negatively compared with peers, and it’s led to cyber security being limited – or even omitted entirely - in annual reporting, according to the survey.

The survey also showed a large disparity between organisations that have the skills and capability to respond to a cyber attack, and those that don’t. It identified a lack of technical know-how both within smaller organisations, and at a senior level in larger organisations. This – alongside a clear lack of commercial narrative to effectively negotiate a cyber security budget – is resulting in businesses taking a more reactive approach to cyber security.

Disparities also continue to be noticeable across different sectors of the economy. While finance and insurance and information and communications are shown to have the most advanced cyber security practices, others – such as hospitality and construction – still have some way to go.

Ollie Whitehouse, Global Chief Technology Officer at NCC Group, commented:

“Although the report has really highlighted the widening gap between those who have the skills and capabilities to sure up their cyber resilience and those that don’t, it’s important to note that lack of cyber expertise occurs not only in smaller organisations but in larger ones as well. As the UK looks to embed a whole-of-society approach to cyber security, it provides further evidence that there is an urgent need to improve cyber literacy at every level – all the way from FTSE 100 boards down to small businesses and charities.

“Moreover, the report serves as a reminder that we should be treating cyber as a science. We must transition to a world where evidence is provided of efficacy in real-world operating conditions, against realistic threat scenarios, in ways that don’t require you to be an expert in the subject to understand. When armed with this knowledge, businesses can not only increase their own resilience, but make better strategic decisions.”




NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7976234970

Related content

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom