Given the heightened risk of cyber incidents in the current Covid-19 crisis, it seems timely to look at the Cyber Security Breaches Survey 2020 published recently by the Department for Digital, Culture, Media and Sport. Now in its fifth year the survey looks at UK businesses, charities and, for the first time, educational establishments.
In terms of frequency of breaches and attacks, the survey finds little difference from previous years:
- 46% of businesses (unchanged from last year); and
- 26% of charities (up from 19% last year)
were aware of a cyber breach or attack in the last 12 months. Within this overall threat landscape, phishing attacks had increased, whilst malware and other viruses had decreased. However, looking for the first time at the education sector, the survey found that an astonishing 80% of Further and Higher Education establishments were aware of a breach or attack.
Looking at impacts, the survey found that only 19% of businesses suffering a breach or attack experienced a loss of data or financial cost. Even within this small subset who experienced a “material outcome”, the average cost reported was only £3230. This figure seems extremely low when compared to other data sources and brings into question if responding organisations had calculated the full cost of incidents.
The survey also looks at the steps that organisations are taking to manage cyber risk. Both businesses and charities are more likely to have a written cyber security policy in place (38% and 42% respectively) than in previous years. Curiously though, given the UK Government’s backing of the scheme, the survey does not specifically ask about Cyber Essentials accreditation. However, in a slightly worrying revelation, it notes that only 13% of both businesses and charities are even aware of the scheme!