Our roundup of the Cyber Security Breaches Survey 2018

The Cyber Security Breaches Survey is a quantitative and qualitative survey of UK businesses and, now for the first time inclusive of charities. The survey was carried out at the end of 2017 to highlight cyber security risks that businesses are facing and their significance. We have collated the key points from the full report to outline the impact on small, medium and large organisations. 

The survey highlights the vital importance of cyber security for organisation, with 43% claiming to have had breaches within the last year.

The most common breaches found were: 

  • staff receiving fraudulent emails (75%).
  • impersonation of the organisation online (28%).
  • viruses and malware (24%).

A key issue is staff awareness and vigilance to cyber security threats. 70% of organisations view staff as being capable to handle cyber security threats, but only 20% of staff have had cyber security training and only 27% have cyber security policies in place. 

This includes: 

  • updating software and malware protection (90%).
  • backing up data securely (90%).
  • configuring firewalls (89%).
  • giving guidance on password protection (67%).

Micro/small business findings:

  • 74% of senior management of micro/small businesses claim that cyber security is a high priority.
  • 42% of micro/small businesses had identified at least one cyber security breach/attack in the last year.
  • 17% of these cases took one day or more to recover from the attack/breach.
  • 70% of micro/small businesses believe that the staff that handle cyber security have the capacity to effectively manage it.
  • Micro/small businesses are less likely than medium or large organisations to have sought information or guidance about cyber security, have formal cyber security policies and to have cyber security training procedures in place.

Medium and Large Businesses:

  • 65% of medium/large organisations identified at least one breach or attack in the last 12 months.
  • The average cost of these attacks/breaches has increased, from £1,860 in 2016, to £8,180 in 2017.
  • 89% of senior management in medium/large organisations say that cyber security is a high priority for them.
  • 94% of medium/large businesses have risk management processes or governance in place.

Medium organisations are less likely than large organisations to have certain processes in place, such as:

  • Formal cyber security policies (59% v 74%).
  • Staff with responsibility for cyber security (73% v 86%).
  • Business continuity plans (66% v 85%).

However, 20% of medium/large organisations do have a specific cyber security insurance policy in place, and 24% of those that didn’t have considered it.

For the full report and previous reports visit: www.gov.uk/government/collections/cyber-security-breachessurvey