50% of businesses had a cyber incident in the last year
Published: Monday, 22 April 2024
2024 Cyber Breaches Survey results
More cyber breaches are being detected, but they are not all being reported
Overall picture
The Government’s 2024 Cyber Breaches Survey has just been published with the latest statistics on reported cyber crime as part of the National Cyber Security Programme.
As the survey was based on breaches or attacks that firms ‘were able to identify and willing to report’, the real number of incidents is likely to be much higher. Sole traders, who account for over 56% of businesses in the UK, were excluded from this survey.
Half of UK businesses surveyed reported having experienced a cyber security breach or attack in the past year, with approx. 44% becoming victims of cyber crime (losing data and/or incurring costs). The report estimates that firms encountered 7.78 million cyber crimes in the previous 12 months.
Most common methods of cyber crime
84% of attempted attacks were phishing i.e. staff receiving fraudulent emails or arriving at fraudulent websites.
The next most common crime was spoofing with 35% of firms identifying emails that impersonated staff or their organisation.
Both phishing and spoofing are becoming more sophisticated with AI but often rely on staff not noticing subtle changes in typeface, colours, spelling, turn of phrase, email addresses and, latterly, video and audio footage. Regular training can help keep this ‘front of mind’, yet around 82% of businesses (mostly smaller firms) are not providing at least annual training to their staff.
The third most reported incidence of cyber crime was malware such as viruses or spyware – 17% had experienced these. Larger companies (defined as those with over 250 employees) are more likely to have been targeted with malware (40%) and unauthorised access.
How are businesses protecting their systems?
43% of businesses use an external cyber security provider, with small (56%) and medium size (66%) firms using external resource.
Few are aware of the breadth of free resources available online from official government sources, e.g. the National Cyber Security Centre, including the Small Business Guide and the Board Toolkit.
Just 22% of businesses have a formal incident response plan; larger firms are most likely to have a formal plan (73%).
With many businesses moving online and relying on suppliers for their system provision, it’s surprising that just 11% of businesses review the cyber security of their supply chains.
More businesses are buying cyber insurance than in previous years (43% hold some cyber cover). Medium size businesses are most likely to buy cyber insurance. It was thought smaller companies may not have the budget for insurance and that many larger companies may deal with any cyber exposure in-house.
Costs of a breach
Medium and large businesses were more likely to be aware that they have been attacked, with the average cost of a breach totalling £10,830. Smaller organisations may not always identify a breach unless it results in a loss.
Significant under-reporting
Most firms are not reporting breaches externally, with just 34% reporting their most disruptive breach to their IT or external cyber security providers. Again, this suggests that the true figures for cyber attacks may be much higher.
Cyber crime is not going away but there is some evidence that companies are becoming better at identifying and deterring attacks.
Click here to read the full government report Cyber Security Breaches Survey 2024.
Isobel Horswell
Marketing & Compliance Exec, Ntegrity
isobel.horswell@ntegrity.co.uk