Whilst cyber attacks decrease, the threats to businesses remain. We give you the Cyber Security Breaches Survey 2019.
The survey, found here, found that 98% of our UK businesses are dependent on online services. Whilst this is no surprise in a time where the typewriter is a distant memory, it highlights the key fact that almost all of UK businesses are susceptible to a cyber attack.
At the heart of the survey is the concern that as businesses move to become more data driven, they aren't fully protected against the associated risks.
It is not all doom and gloom. The survey found that the number of businesses identifying cyber attacks has dropped from 43% to 32% in the last year. This seems to be a positive effect of the General Data Protection Regulation (GDPR) which has prompted a number of businesses to review their approach to cyber security procedures, with 30% having made changes as a result, although it is recognised that changes in the focus and vector of attacks could also explain the change.
The picture wasn't as bright for medium and large businesses, however, which saw almost twice that incidence of breaches and attacks. That being said, this still represents a reduction on the previous year.
Another reassuring fact is that 88% of businesses have now heard of the GDPR, a stark increase compared with the previous year where the figure stood at 38%. This has not led to a significant increase in breach preparedness, however, with just 16% of businesses having put formal cyber security incident management processes in place. That could have a detrimental impact on their ability to promptly and effectively contain and manage an attack.
Coupled with this is the concern that there is clearly a gap in the level of cyber insurance being purchased by businesses to combat cyber crime. Although the costs associated with cyber security breaches have continually increased since 2017, the survey found that only 11% of UK businesses have purchased cyber insurance, leaving a concerning 89% without cover in the event of a cyber attack. Whilst the figures show that generally more UK businesses are taking out cyber insurance, there remains the stark concern that cyber insurance is not in place for the large majority of them, and that businesses could have to absorb the costs associated with handling the breach itself. This would include legal, PR, credit monitoring, and forensic IT advice, as well as business disruption, and any ensuing litigation with suppliers and compensation claims from affected individuals.
Where businesses had taken out cyber insurance, the survey found their key reason for doing so was to gain access to the breach response services written into most cyber policies or due to the influence of the broker. Where cyber insurance had not been purchased, the reasons for this were that the businesses (a) already had external cyber security providers, (b) didn’t even know that cyber insurance existed, or (c) considered themselves too low of a risk to warrant purchasing the insurance.
Further interesting statistics from the survey are that the most common type of attacks were found to be phishing attacks – through fraudulent emails or being directed to fraudulent websites – and that the most common impact on businesses was loss of access to files or networks, software or systems damage and website disruption.
Although the statistics are a helpful insight into the ways businesses are combatting cyber crime, there remains a number of areas in which businesses could step up their preparations for the inevitable attack, including preparing breach response plans and taking out cyber insurance which offers breach response services. In a world where we are all so dependent on online services, the problem simply cannot be ignored.