The UK Department for Digital, Culture, Media & Sport recently published a report to help businesses and charities understand the nature of the cyber security threats they face. Notably, the “Cyber Security Breaches Survey” found that cyber-attacks continue to evolve and are more frequent, with close to 50% of businesses and more than a quarter of charities reporting a security breach in the past year.
Although organizations that suffer a breach still incur substantial costs, the positive news is that they have become more resilient, with faster recovery times and fewer negative outcomes or impacts. This may be due, in part, to the increased involvement in board engagement, with eight in 10 businesses and three-quarters of charities stating that cyber security is a high priority for their senior management boards.
Nonetheless, each breach and eventual combo package results in our personally identifiable information circulating in underground markets as fresh material for threat actors to use.
The report found that phishing attacks targeting businesses have jumped 14% since 2017. More than 80% of businesses and charities have received fraudulent emails in the last 12 months, and COVID-19 will surely exacerbate this problem. Organizations have a responsibility to educate their employees on cybersecurity, because human error – which is entirely preventable – is often times the cause of a breach.
The extent of cyber security threats has not diminished. In fact, this survey, the fifth in the series, shows that cyber attacks have evolved and become more frequent. Almost half of businesses (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (68%), large businesses (75%) and high-income charities (57%)1. .... Organisations have become more resilient to breaches and attacks over time. They are less likely to report negative outcomes or impacts from breaches, and more likely to make a faster recovery. However, breaches that do result in negative outcomes still incur substantial costs.