The UK government is urging businesses and charities to strengthen their cybersecurity practices, as the Cyber Security Breaches Survey 2022 shows that the frequency of cyberattacks is increasing. Almost one in three businesses (31%) and a quarter (26%) of charities suffering attacks said that they now experience breaches or attacks at least once a week.

However, although the Survey shows that the frequency of cyberattacks is rising, the number of businesses that experienced an attack or breach remained the same as in 2021. Almost a third of charities (30%) and two in five businesses (39%) reported cybersecurity breaches or attacks in the last 12 months.

The National Cyber Security Centre has also issued a note stating that it is not aware of any current specific cyberthreats to UK organisations in relation to events around Ukraine but is encouraging organisations to follow its guidance to reduce the risk of falling victim to an attack. Small businesses should adopt the cyber essentials scheme to protect against the most common cyberthreats, such as phishing attacks, and use the small business guide to improve cybersecurity practices. Larger organisations should use the board toolkit to get company executives to act on cyber resilience, and charities should follow the small charity guide to boost cybersecurity operations.

Following a wave of high-profile attacks over the past year, including on Kaseya, Colonial Pipeline and Microsoft Exchange, the government says that there has been increased attention on the cybersecurity of supply chains and digital services. As a result, according to the 2022 survey, four out of five senior managers (82%) in UK businesses now say that they see cybersecurity as a "very high" or "fairly high" priority, up from 77% in 2021. This is a significant increase and the highest figure seen in any year of the cyber security breaches survey.

The 2022 survey also found that 40% of businesses and almost a third of charities (32%) are using at least one managed service provider, but only 13% of businesses reviewed the risks posed by immediate suppliers.

The government is aiming to strengthen critical businesses' cyber resilience by updating the Network and Information Systems (NIS) Regulations 2018, which set out cybersecurity rules for essential services, such as water, energy, transport, healthcare and digital infrastructure. The government says that this will make sure the legislation remains effective and keeps pace with technology. It includes proposals to expand the NIS Regulations to include managed service providers which essential and digital services depend on to operate, to minimise the risk of attacks.

For further information on this topic please contact Alan Owens at Wiggin by telephone (+44 20 7612 9612) or email ([email protected]). The Wiggin website can be accessed at