Half of businesses have suffered a cyber security breach in the UK in the last year, according to the government’s annual Cyber Security Breaches survey. Thousands of businesses and charities took part across the country to build an accurate picture of the state of cyber security right now. The overall picture is positive for the industry, as businesses are generally investing more time and money into cyber security measures and are more aware of threats. However, those threats are increasing. Organisations must continue to commit to cyber security so they are not left behind by their contemporaries and become targets for cyber criminals. Here, we’ll discuss some of the key findings from the report, and what they mean for the industry.
What a 2024 breach looks like
A cyber security breach can take various forms, each posing unique challenges and threats to businesses and charities. However, according to the survey, one type of attack rules the roost at the minute. 84% of businesses that reported breaches said they had been targeted by phishing. Among organisations that experienced breaches or attacks, nearly half (46% of businesses and 45% of charities) reported encountering only phishing attacks and no other type of cyber attack.
Unsophisticated phishing attacks can be developed on a vast scale relatively simply, with little to no technical skills required, which could account for their prevalence in the current cyber security landscape. In fact, most cyber attacks require little technical ability. The survey revealed that the majority of businesses and charities were largely unaffected by breaches, with 92% of businesses and 91% of charities able to restore their operations within 24 hours following their most disruptive breach or attack. Remarkably, almost eight in ten organisations reported taking ‘no time at all’ to recover from their most disruptive breach.
These findings underscore the importance of robust incident response plans and recovery mechanisms to minimise the disruption caused by cyber breaches. By swiftly restoring operations and mitigating the impact of breaches, businesses and charities can effectively manage cyber risks and maintain operational continuity in the face of growing cyber threats.
Cyber Hygiene
To respond to the challenges of the modern cyber security landscape, filled with opportunistic, low-skilled attacks, cyber security companies like OmniCyber Security advise organisations to adopt robust cyber security practices, often referred to as “cyber hygiene” measures. These measures are basic safeguards against a wide range of cyber threats and are crucial for improving overall cyber security. According to the 2024 Cyber Breaches survey, a majority of businesses and charities have implemented various cyber hygiene measures to protect their digital assets.
Among the most common cyber hygiene measures deployed by businesses and charities are updated malware protection, password policies, cloud backups, restricted admin rights, and network firewalls. These measures are administered by at least seven in ten businesses and around half of charities or more. Notably, there has been a slight increase in the deployment of several key controls and procedures among businesses, which makes us all safer. This bucks a worrying trend from recent surveys that showed investment in cyber security falling.
Despite these improvements, there are areas where organisations still lag behind. Only a small percentage of businesses review the risks posed by their partners and suppliers, indicating a gap in managing cyber risks across supply chains. Ignoring these potential risks could create vulnerabilities in your defences that undermine your hard work in improving your own processes and systems.
The qualitative interviews conducted as part of the survey reveal that many organisations have maintained or increased their investment in cyber security over the past year, despite economic challenges. This investment is driven by the increase in the number and sophistication of cyber attacks, underscoring the critical role of cyber security in safeguarding organisational assets and maintaining resilience in the face of evolving threats.
Cyber Essentials
Despite the critical role it plays in bolstering cyber security defences, awareness of the Cyber Essentials scheme remains relatively low among businesses and charities, according to the 2024 Cyber Breaches survey. Only 12% of businesses and 11% of charities showed awareness of the Cyber Essentials scheme, a figure consistent with the previous year but reflecting a decline over the past 2-3 years.
Interestingly, while a tiny percentage of organisations report adherence to Cyber Essentials (3% of businesses and charities), a higher proportion claim to have technical controls in all five areas covered by the scheme. Specifically, 22% of businesses and 14% of charities report having technical controls in place across all five of the areas covered by Cyber Essentials. With minimal effort, these organisations could get certified under the Cyber Essentials scheme, and unlock the opportunities the certification provides, including being able to bid for government contracts.
Incident response
While a large majority of organisations say that they will take several actions following a cyber incident, a minority have agreed and codified processes already in place to support this. These findings are consistent with previous years.
The most common processes, mentioned by around a third of businesses and charities, are having specific roles and responsibilities assigned to individuals, and having guidance on external and internal reporting.
Organisations have faced significant challenges in recent years related to the COVID-19 pandemic and the economic climate. In last year’s survey, smaller organisations in particular highlighted rising costs and challenges with financial planning, due to high inflation, higher energy prices and overall economic uncertainty. This may have resulted in cyber security falling as a priority, relative to these wider concerns. This practice can be dangerous, as a single breach can cripple a business, particularly one already struggling with rising costs.
The overall context is somewhat more stable in the 2024 survey. While economic challenges remain, organisations’ practices and activities have remained broadly similar compared with a year ago, and some longer-term negative trends have stabilised or been partially reversed.
The 2024 Cyber Breaches survey sheds light on the evolving landscape of cyber threats facing businesses and charities in the UK. With half of UK businesses experiencing breaches in the past year, the findings underscore the critical imperative for organisations to prioritise cyber security and adopt robust measures to mitigate cyber risks.
Despite the prevalence of cyber threats, organisations demonstrate resilience in their ability to restore operations swiftly following breaches. However, the survey reveals areas for improvement, particularly in incident response preparedness and supply chain risk management.
As businesses and charities navigate the complex cyber threat landscape, the importance of implementing robust incident response plans, enhancing supply chain cyber security, and raising awareness of essential cyber security measures such as Cyber Essentials cannot be overstated.
With cyber attacks becoming increasingly prevalent and sophisticated, organisations must remain vigilant and proactive in safeguarding their digital assets. By investing in cyber security measures, adopting best practices, and fostering a culture of cyber security awareness, businesses and charities can fortify their defences and mitigate the impact of cyber threats effectively.
Take Action
Keep pace with the competition, stay ahead of cyber threats and safeguard your organisation’s digital assets. Partner with OmniCyber Security for expert cyber security solutions tailored to your business needs. From penetration testing to continuous adversary emulation and Cyber Essentials compliance, our comprehensive services strengthen your cyber security and make sure you’re able to defend against growing threats.
To learn more about cyber security best practices and how OmniCyber Security can assist your organisation in fortifying its defences, contact us today.