The Department for Digital, Culture, Media and Sport (DCMS) has published the results of its 2019 Cyber Security Breaches Survey today, which measures how UK organisations approach cyber security and the impact of breaches.
The survey shows that the percentage of businesses experiencing cyber breaches or attacks has dropped from 43% to 32% in the last year, a reduction that has been partly attributed to the impact of new data laws under the Data Protection Act and the General Data Protection Regulation (GDPR).
However, the survey also showed that businesses that did suffer attacks tended to experience a higher volume of attacks than in previous years surveys, while the financial cost of a breach resulting in a loss of data or assets has consistently risen since 2017.
Commenting on the results, Ollie Whitehouse, global chief technical officer at NCC Group said: “It is encouraging that organisations are increasingly rating cyber security as a high priority. That 59% of businesses and 47% of charities have sought external support with cyber security in the last 12 months is particularly welcome, and suggests that more organisations are shaking off the elephant in the boardroom when it comes to cyber.”
“However, there is room for improvement, with just over a third of businesses appointing specific responsibility for cyber security to a board member or trustee, and just 16% having formal cyber security incident management processes in place. This has to change in the near future.
“Businesses must allow cyber security knowledge to drip down through their organisations from the top, and make use of initiatives like the government’s 10 Steps to Cyber Security Guidance to bolster their overall cyber resilience.”
“The survey also shows that many businesses had changed their cyber policies as a result of GDPR. This is to be welcomed, but it’s important that businesses take a holistic, proactive approach to cyber security, and do not solely hook their strategies on major pieces of regulation. These do not cover every aspect of an organisation’s cyber defences, and do not always stay ahead of the constantly evolving threat landscape.”
“Overall, the survey suggests that businesses and government can work more closely to improve cyber security across the board. There are simple steps that businesses can take today, but this must be underpinned by clear access to support and information from the government and public-sector bodies.”