The Cyber Security Breaches Survey 2021, published last week, revealed that 39% of all businesses have been impacted by a cyber-attack or breach this year.
The survey, commissioned by the Department for Digital, Culture, Media and Sport, has been analysing the risk of cyber attacks across the UK economy since 2016.
In order to reach their findings, DCMS conducted a random probability telephone survey of 1,419 UK businesses between October 2020 and January 2021, which was then supported by 32 in-depth interviews.
Among the headline findings was the detrimental effect the Covid pandemic has had on businesses’ cyber safeguards.
With the necessity of home working, many existing security arrangements have become obsolete and stretched resources have led to cyber security being deprioritised. These trends are reflected in the survey’s findings: the proportion of businesses reporting up-to-date malware protection has fallen by 5% to 83% and the percentage of businesses with network firewalls has also dropped from 83% to 78%.
While an unprecedented year may have moved focus from cyber defence plans, their importance has certainly not waned.
Of the 39% of businesses to suffer security breaches, 27% reported being attacked at least once a week, with 23% requiring new measures to prevent future attacks. As well as the possibility of confidential information being compromised, the average annual cost of these attacks was £8,460, rising to £13,400 among medium and large businesses.
The survey also analysed the frequency of different types of cyber attacks.
Among those affected by security breaches, 83% reported a phishing attack, 27% were impersonated online and 13% received malware, including ransomware. While rarer, non-phishing attacks were found to have a far greater impact on the businesses affected.
While the average cyber attack may not cause irreparable damage, the most sophisticated can bring hugely successful companies to their knees, severely impacting their reputation going forward – one need look no further than the SolarWinds hack of December 2020 for a particularly stark example.
With the vast majority of business now storing information digitally, having an effective cyber security arrangement is perhaps the most important part of protecting the reputation of a business. Despite this threat, however, only 34% of surveyed businesses reported undertaking a cyber risk assessment and only 35% reported using security monitoring tools. Without a sustained focus on security, businesses are risking a potentially catastrophic breach.
This point was underlined by Rory Lynch, Senior Associate in the Reputation & Privacy team at Vardags, who commented: “For a 21st century business, an effective cyber security plan is utterly essential. With potential hacks a constant threat, proactive measures need to be taken. From security audits to the constant updating of firewalls and malware protection, a robust defence can prevent your reputation from ending up in tatters. While, understandably, cyber security may not be everyone’s priority during the pandemic, ignore it at your peril – a stitch in time can save nine.”
As well as responding swiftly to any breaches, our Reputation & Privacy team regularly undertake proactive reputation health checks, spotting any weaknesses or gaps before problems arise. Click this link to find out more.