According to recent government statistics, both businesses and charities in the UK have been facing cybersecurity breaches and attacks, with 43% of businesses and 30% of charities reporting incidents in the past year. The data, released from the cybersecurity breaches survey, shows a decrease in the number of cyber-attacks faced by UK businesses compared to the previous year.
In the past 12 months, UK businesses encountered approximately 612,000 cyber-attacks or breaches, while UK charities faced about 61,000 incidents. This decrease in the number of attacks is a positive trend from the data in 2024, where 50% of UK businesses experienced cyber incidents, totaling 718,000 attacks.
The decline in cyber-attacks was attributed to fewer micro and small businesses identifying phishing attacks. However, medium and large businesses continue to face a high prevalence of breaches and attacks compared to the previous year.
Phishing attacks remain the most common type of breach experienced by both businesses and charities, with 85% of businesses and 86% of charities reporting such incidents. Additionally, businesses reported an increase in temporary loss of access to files or networks, while charities noted a rise in loss of access to third-party services.
The survey highlighted the importance of cyber hygiene practices among businesses and charities of various sizes. While small businesses showed improvement in cybersecurity risk assessments, cyber insurance, and formal cybersecurity policies, high-income charities experienced a decline in these areas compared to the previous year.
Most businesses and charities have implemented basic technical controls such as malware protection, password policies, and network firewalls. However, the adoption of more advanced measures like two-factor authentication, virtual private networks, and user monitoring remains low.
The survey also pointed out a concerning trend regarding risk management and supply chains. Few businesses and charities are actively reviewing the cybersecurity risks posed by their suppliers, both immediate and in the wider supply chain. Larger organizations were more likely to assess supplier risks compared to smaller businesses.
Board engagement in cybersecurity was another area of interest, with a decline in board-level responsibility for cybersecurity among businesses since 2021. While cybersecurity remains a priority for most businesses and charities, larger organizations tend to prioritize cybersecurity more than smaller businesses.
In terms of cyber-crime, the survey revealed that 20% of businesses and 14% of charities have been victims of cyber-crime in the past year, with larger organizations more likely to experience such incidents. The prevalence of ransomware among businesses has also increased from the previous year.
Overall, UK businesses experienced approximately 8.58 million cyber-crimes in the last 12 months, including non-phishing crimes and fraud. Charities in the UK reported around 435,000 cyber-crimes during the same period.
In conclusion, while there has been a decrease in the number of cyber-attacks faced by UK businesses, cybersecurity remains a critical issue for organizations of all sizes. Implementing strong cyber hygiene practices, conducting regular risk assessments, and enhancing supply chain security are essential steps to mitigate the risks of cyber threats in the ever-evolving digital landscape.