39% of businesses suffered cyber attacks in the past year

Two in five businesses reported a cyber attack or data breach in the past 12 months, according to the UK government’s Cyber Security Breaches Survey 2021. The study suggests that the threat has increased as a result of COVID-19, with security teams finding it harder to implement and manage defense mechanisms. However, in some cases, the risk is also of organizations’ own making. For example, compared to a year ago, fewer organizations are using security monitoring tools (35% vs 40%) or performing any form of user monitoring (32% vs 38%). Among the 39% of organizations that identified data breaches, 27% said they experience security incidents at least once a week, with phishing being by far the most common form of attack.


The effects of data breaches

Among those that identified a security incident, 35% reported negative effects. In most cases, that meant the loss of money, data, or other assets.

Small organizations reported an average loss of £8,460, whereas medium and large firms lost £13,400 on average.

But even when information or money wasn’t compromised, organizations said they suffered business disruption, including diverting man-hours to deal with the incident.

Despite COVID-19, the proportion of organizations experiencing negative effects of data breaches is lower than in previous years. The study suggests this isn’t because data breaches are less frequent but because organizations are better equipped to handle security incidents.

This is most likely a result of the GDPR (General Data Protection Regulation), which contains strict requirements on the ways organizations should protect their sensitive data and respond to security incidents.

Indeed, the study found that 77% of businesses now say that cyber security is a high priority for their directors and senior staff, compared to 69% in 2016.

One in two businesses update management teams about their cyber security actions each quarter, and many have increased their investment in cyber security during the pandemic.

This includes technological solutions, such as cloud security and multi-factor authentication, as well as processes that bolster existing measures.

Where are organizations lacking?

Despite investing significantly in security technologies, organizations are neglecting staff awareness training.

Your staff’s ability to spot and respond to threats is one of the most important ways of protecting your organization. This can be seen in the proportion of phishing attacks, which rely on exploiting human weaknesses.

Yet only 14% of businesses provide regular training and 20% have performed activities to test staff, such as simulated phishing attacks.

Staff awareness training costs less than most technological defenses, but it requires an organization-wide commitment for it to work.

If you’re concerned about your employees’ security awareness, our Simulated Phishing Attack service is a great place to start.

We’ll send your employees a typical example of a phishing email without the malicious payload, giving you the opportunity to monitor how your employees respond.

Do they click a link right away? Do they recognize that it’s a scam and delete it? Do they contact a senior colleague to warn them?

You can use the answers to guide your information security measures and to act as a reference point when it comes to staff awareness training.