This week, the UK government released the results of its 2020 Cyber Security Breaches Survey, conducted to help organisations understand the nature and significance of the cyber-threats they face, and what others are doing to stay secure.
In summary, the survey finds that the extent of cyber security threats has not diminished. In fact, this survey, the fifth in the series, shows that cyber attacks have evolved and become more frequent.
Almost half of businesses (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (68%), large businesses (75%) and high-income charities (57%).
The business findings are in line with those in 2017 (when the question was first asked). The charity findings show a rising incidence, from 19 per cent in 2018 (when charities were first surveyed) and 22 per cent in 2019, to 26 per cent in 2020. This may mean that more charities are being targeted but could also mean that they are better at identifying breaches than before.
Among this 46 per cent of businesses that identify breaches or attacks, more are experiencing these issues at least once a week in 2020 (32%, vs. 22% in 2017). There is a similar pattern over time for charities, although the changes across years are not statistically significant. In 2020, a fifth of these charities (22%) say they experience breaches at least once a week.
The nature of cyber attacks has also changed since 2017. Over this period, there has been, among those identifying any breaches or attacks, a rise in businesses experiencing phishing attacks (from 72% to 86%), and a fall in viruses or other malware (from 33% to 16%).
Errors in the results?
Cybersecurity specialists, Redscan, say they have noticed some flaws in the results of the government survey.
Nearly half of businesses (46%) report having cyber security breaches or attacks in the last 12 months, while a third of this number experiences issues at least once a week. Redscan believes that these numbers do not stack up and it’s highly unlikely that so many businesses are reporting weekly issues, while others say there have been none in the last year.
Commenting on the report, Mark Nicholls, CTO at Redscan, stated:
“It doesn’t come as a surprise to learn that medium-sized and larger businesses are an attractive target. However, what might just surprise some business leaders, is how persistent these attacks are. Of the 46 per cent of businesses that identified attacks, nearly a third are experiencing issues at least once a week.
“Phishing attacks are a common problem but it’s curious that the number of organisations experiencing attacks related to malware is reportedly on the decline. Intelligence suggests that there is more malware in circulation than ever, including fileless variants that can be hard to identify.
“The most concerning thing for me, is the significant number of organisations that have been targeted and aren’t aware of it. While a significant percentage of businesses identify multiple attacks each week, more than half say they haven’t had a single one in 12 months! There’s clearly a big discrepancy in the report’s findings.
“Being able to swiftly detect attacks is key to minimising damage but many organisations still lack the appropriate controls and a deep awareness of what activity to look for.
“It is great to see that cyber security features more highly on the radar of senior management teams. To ensure that security receives the attention it warrants, security teams must ensure that they are able to effectively communicate the value of investments in ways that can be understood by leaders across other areas of the business,” he added.