#Privacy: Nearly half of UK firms report security breach or cyber attack over past year


Research has identified an increase in the volume of businesses reporting security incidents. 

The annual Cyber Security Breaches Survey, released by the Department for Digital, Culture, Media and Sport (DCMS) found that during the past 12 months almost half (46%) of UK businesses suffered a security breach or cyber attack.

The number of medium-sized business and large enterprises reporting incidents has increased to 68% and 75% respectively. 

Out of the 46% of business reporting incidents, more are experiencing these breaches or attacks at least once every week. 

The DCMS also found that since 2017, there has been an increase in businesses experiencing phishing attacks from 72% to 86%, whilst the survey reported a decrease in virus and malware, from 33% to 16%. 

It should be noted that despite the increase in incidents, organisations have become more resilient and less likely to be negatively impacted. 

“Over the past five years, there has been greater board engagement in cyber security and increased action to identify and manage cyber risks. These improvements may underpin the fact that organisations have become more resilient,” the report said.

“Eight in 10 businesses say that cyber security is a high priority for their senior management boards (80%, up from 69% in 2016). Three-quarters of charities said this about their senior management (74%, up from 53% in 2018).”

The study also found that businesses are more likely to seek out information and guidance relating to cyber security, to which could be explained by the implementation of the EU General Data Protection Regulation (GDPR). 

However, there is still work to be done, as just 32% of respondents reported having cyber insurance, 50% reported conducting audits in the past year, 15% reported reviewing their supply chain risk, and just 27% stating they’d reported breaches to anyone beyond their IT/security providers. 

Mark Nicholls, CTO, Redscan told Infosecurity Magazine: “The most concerning thing for me, is the significant number of organisations that have been targeted and aren’t aware of it. While a significant percentage of businesses identify multiple attacks each week, more than half say they haven’t had a single one in 12 months.”

“Being able to swiftly detect attacks is key to minimizing damage but many organisations still lack the appropriate controls and a deep awareness of what activity to look for.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.