“We needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.”

IT Operations Manager
Simon Darley

Key findings: UK Cyber Security breaches Survey 2023

Published: May 9, 2023
Updated: May 29, 2024
In a nutshell:
April's Cyber Security Breaches Survey shows fewer UK security breaches, but severe underreporting and a lack of cyber readiness...
Only 3 out of 10 businesses carried out a cyber security risk assessment in 2022.

The Department for Science, Innovation and Technology has recently released the official Cyber Security Breaches Survey of 2023.

The report informs government policy on cyber security whilst educating organisations on current threats, and how they can best protect themselves from attacks. This year’s report explores the policies, processes and approaches of modern cyber security, alongside the different cyber attacks and crimes that businesses, charities and educational institutions are facing.

What are the key findings?

1. Identification of threats

The percentage of businesses and charities that experienced a breach last year dropped to 32% and 24%, from the previous year’s figures of 39% and 30%. A key factor which impacted these figures is a lack of cyber security awareness and monitoring from senior managers, an issue which has been prioritised less due to the uncertain economic climate. The majority of cyber-attacks are relatively easy to identify and therefore prevent; accordingly, the government has recommended that businesses create and implement a set of ‘cyber hygiene’ measures. Popular and effective methods of maintaining ‘cyber hygiene’ include malware protection, cloud back-ups, passwords, restricted admin rights and network firewalls, all of which are critical steps to ensure cyber security. However, some methods have seen steady declines over the years, particularly password policies (down 9%), network firewalls (down 12%) and restricting admin rights (down 8%).

2. Cyber hygiene

The cyber security survey reveals that larger organisations consistently commit to identifying risks within their supply chain; however, these security reviews are still scarce overall, with only 3 out of 10 businesses carrying out a cyber security risk assessment last year. According to qualitative data, communications from the National Cyber Security Centre around supply chain risks encourage businesses to act with more prioritisation and assess their supply chains.

3. Board engagement

Only 3 in 10 businesses and charities have board members or trustees explicitly responsible for cyber security, showing that a lack of cyber preparedness from boards and corporate governance is prevalent throughout the cyber security survey findings. Qualitative data highlights the challenges which prevent boards from prioritising cyber security, such as a lack of knowledge, training and time (these factors have often been reported in previous years).

4. Accreditation & guidance

Approximately half of organisations are seeking external information and guidance on cyber security, consistent with the previous year's cyber security findings. However, this figure reveals that a large proportion of organisations are not adhering to cyber standards or accreditations, and are therefore unaware of the systems and actions they can take to prevent and defend against cyber attacks. Concerningly, government guidance such as 10 Steps to Cyber Security and the Cyber Essentials Standard is widely unknown to a large proportion of businesses.

5. Incident response

A large proportion of businesses claim they will carry out set processes after a cyber attack, yet only 21% of businesses and 16% of charities have formal incident response plans. Qualitative data suggests that this issue could be tackled through better communication between the IT/cyber teams and the wider organisation regarding cyber security awareness and incident response. Educating wider teams and providing post-incident reviews can address the disconnect between these teams, improve cyber hygiene and increase wider engagement in cyber security.

6. Cyber crime

The DSIT estimates that around 2.39 million instances of cybercrime were committed in the last 12 months, and that 49,000 instances of fraud took place as a result of said cybercrime in the same period. It is reported that around 785,000 cybercrimes were committed against charities in this same period; however, the DSIT highlights that these estimates of scale will have a relatively wide margin of error due to the sample size.

The cyber security survey presents evidence of underreporting across the board, with a total of 11% of businesses experiencing cybercrime in the last 12 months, rising to 37% for large businesses and 25% for high-income charities. Another way of looking at these statistics is that around a third of the businesses/charities who identified cyber security breaches or attacks went on to become victims of cybercrime.

Important context for the UK cyber security breaches survey

It’s important to note that the economic climate during this cyber security survey has resulted in businesses facing financial uncertainty and rising inflation and energy costs. With this in mind, cyber security may not have been prioritised as highly; during qualitative interviews, multiple businesses cited ‘wider issues’ as the main reason cyber hygiene measures were reduced.

The report emphasises that micro and small businesses have shown a lack of prioritisation of cyber security, a reduction in cyber hygiene measures and a lack of identification of cyber security breaches, more so than medium and large businesses.

The shift to widespread hybrid working, combined with a decline in restricted-access, business-owned devices, has contributed largely to a common challenge for organisations: identifying and managing cyber breaches/attacks. This factor has therefore impacted businesses' ability to accurately report the number of cyber incidents they experienced over the last 12 months.

What are the key takeaways from this year’s UK cyber security breaches survey?

  1. Given that most breaches and cyber attacks are a result of phishing attacks, it is critical that there is consistent, two-way communication between IT/cyber teams and the wider staff of an organisation. Ensuring that users can recognise suspicious activity and have the initiative to report it to the relevant IT/cyber teams is essential in reducing human-error related issues.
  2. Integrating a cyber security policy which elevates and merges with any current policies and procedures will aid organisations in their approach to managing unexpected cyber breaches/attacks.
  3. The cyber security survey finds that there is a severe lack of SMEs reviewing any cyber risks in their supply chain, exposing a key vulnerability in their preparedness for a cyber-attack. Information and guidance from trusted sources such as the NCSC map out the steps that businesses can take to secure their supply chain.
  4. Many directors/trustees may be aware of cyber security threats, but there can also be a lack of guidance on how their role should navigate cyber incidents. Curating a formal incident response plan will outline a range of actions that can be taken, ensuring organisations take all necessary measures.

Want to know how we can help you improve your cyber security posture?

This report ultimately finds that it is essential for SMEs to have reliable and comprehensive IT and security support that can help them navigate and mitigate modern security risks.

At Stripe OLT, we’ve made it our mission to provide security-first IT services, underpinned by cutting-edge Microsoft cloud and security technologies.

Want to know more about how our zero-trust approach to Managed IT can help protect your organisation? Get in touch today.