The 2023 Cyber Breaches Survey has been released, highlighting key findings about the state of the UK’s cyber health.
This year’s study found that cyber security breaches and attacks remain a common threat, with 32% of businesses and 24% of charities recalling any breaches or attacks within the last 12 months. Even so, cyber security is taking a back seat in the minds of many, falling behind economic issues like inflation.
In more positive news, a majority of businesses and charities have a broad range of measures in place, with the most common being endpoint security software (75%), cloud backups (70%), restricted admin rights (67%) and network firewalls (66%).
However, general cyber hygiene may actually be getting worse. The report also highlights that the routine avoidance of relatively unsophisticated threats needs greater attention than more advanced hacking, with smaller businesses in particular losing ground in some very fundamental areas, including:
Use of password policies (79% in 2021, vs. 70% in 2023)
Use of network firewalls (78% in 2021, vs. 66% in 2023)
Restricting admin rights (75% in 2021, vs. 67% in 2023)
Security updates within 14 days (43% in 2021, vs. 31% in 2023).
A mere three-in-ten businesses have undertaken any kind of cyber security risk assessment, with smaller firms again showing low scores. These assessments are driven in most cases by either changes at board level or the demands of customers, which corresponds to an increase in businesses reporting checks on their own suppliers.
“Taken together, these findings highlight an increasing cyber hygiene challenge among small to medium enterprises (SMEs) in the post-pandemic era.”
Fewer than four-in-ten businesses have cyber security insurance, just 21% have an incident response plan, and only 14% of businesses are even aware of the NCSC’s important Cyber Essentials Scheme. A mere 9% successfully adhere to ISO 27001 standards.
In particular, the survey highlighted the food and hospitality, entertainment and construction sectors for reporting low take-up of cyber security measures. The UK’s largest businesses generally report higher scores across all areas, with the exception of patch management (44%) and restricting access to organisation-owned devices (31%).
Among the 11% of businesses that have suffered cyber crime in the last 12 months, the annual (mean) cost of an incident is now estimated to be approximately £15,300 per victim.