CIO News Hubb

One-third of UK firms suffer a cyber attack every week

by admin
April 6, 2022
in Visionary CIO


Cyber attacks and related incidents at UK organisations continue their seemingly unstoppable upward trajectory, with new statistics from the Department for Digital, Culture, Media and Sport (DCMS) today revealing that 31% of businesses and 26% of charity organisations now experience incidents on a weekly basis.

The data, contained in the annual Cyber security breaches survey report, paints a stark picture of the scale of the threat facing the average organisation, and the urgent need to boost standards and defences.

“It is vital that every organisation takes cyber security seriously as more and more business is done online and we live in a time of increasing cyber risk,” said cyber minister Julia Lopez.

“No matter how big or small your organisation is, you need to take steps to improve digital resilience now and follow the free government advice to help keep us all safe online.”

Some 20% of businesses and 19% of charities said they had experienced a negative outcome as a direct consequence of an attack. The average cost of an attack, spread out across all organisations, now works out at £4,200, or £19,400 if only medium and large businesses are considered, although there is probably a vast amount of under-reporting, so the true figures are certainly higher.

Meanwhile, 35% of businesses and 38% of charities said they had experienced some kind of negative impact during the incident, such as service downtime.

The most impactful forms of cyber attack experienced in the UK were simple phishing attempts, cited by 83% of the 39% of UK businesses that identified an attack. More sophisticated attacks, which in DCMS’s metrics include denial of service, malware or ransomware hits, were seen in 21% of cases.

Note that phishing attacks, if successful, will usually be a precursor to a more serious incident, such as ransomware, highlighting the importance of addressing phishing in cyber risk assessments and training initiatives.

In terms of incident management, just 19% of businesses told DCMS that they had a formal incident response plan in place, while 39% had assigned roles should an incident happen. The survey did, however, identify very clear evidence of a strong reactive approach to incidents, with the vast majority saying they would both inform the board and make an assessment of the attack, should one occur.

In terms of risk management, just over half, 54%, of businesses said they had acted in the past 12 months to identify risk, covering a range of potential actions, of which implementing security monitoring tools was the most common. However, this figure was actually down from a high point of 64% in 2020.

In terms of following guidance on cyber hygiene, the DCMS report found that 49% of businesses and 40% of charities had taken action against at least five of the 10 components contained in the official National Cyber Security Centre (NCSC) 10 steps to cyber security guidance, with identity and access management (IAM) surveyed most favourably, and supply chain security the least.

Of those that do outsource some part of their IT or security to a third-party supplier – which is almost 60% of organisations in the UK – the survey found that just 13% of those organisations assessed the risks of doing so, and most tended to think that security was not a particularly important factor in the procurement process. Multiple high-profile breaches have shown recently that this is absolutely not the case.

UK organisations did tend to do better at engaging their leadership on security issues, with 82% of board members or senior managers rating security as either “very” or “fairly” high priority, up 5% on 2021. Half of businesses and 42% of charities said they updated their board on cyber security matters at least quarterly, with this figure increasing with the size of the organisation.

Finally, on external engagement on cyber security, leaving aside security suppliers and managed services providers (MSPs), organisations in the UK tend to engage most keenly with insurers, with 43% of businesses now having an insurance policy that covers risk. However, awareness of the NCSC’s work and its potential to assist remained disappointingly low, with only 6% having obtained its Cyber Essentials certification, and 1% obtaining Cyber Essentials Plus.

DCMS said the government was still aiming to strengthen the cyber resilience of critical businesses by updating the Network and Information Systems (NIS) Regulations – among other things, bringing MSPs in scope – which it is hoped will raise standards more widely, and has prioritised protecting UK organisations with £2.6bn of funding through the National Cyber Strategy, investing in key areas such as security skills and supply chains.


