The UK government’s recently-published annual Cyber security Breaches Survey reveals a variety of emerging trends and risks across the constantly changing threat landscape. It provides valuable insights into the current state of cybersecurity across various organization sizes, highlighting the prevalence of cybercrime, incident response preparedness and awareness of government guidelines.
The organizations most affected by breaches in the last year were medium businesses (59%), large businesses (69%) and high-income charities (56%). The research findings also reveal that, for the first time, “the majority of large businesses are reviewing supply chain risks, although this is still relatively rare across organisations overall.”
Among the more concerning risks are those faced by smaller organisations, who are identifying cybersecurity breaches and attacks less often than in previous years. According to the report, “This may reflect that senior managers in smaller organisations view cyber security as less of a priority in the current economic climate than in previous years, so are undertaking less monitoring and logging of breaches or attacks.”
Overall, there were an estimated 2.39 million instances of cybercrime across all UK businesses and around 785,000 cyber crimes across charities in the last 12 months. The impact of these activities meant that the average annual cost of cybercrime for businesses is estimated at £15,300 per victim.
In terms of cybersecurity protection and preparation, while almost half of organizations seek external information or guidance on cybersecurity, a significant proportion remains unaware of government guidance and endorsed standards. Incident response plans are not widespread, but medium-sized and large businesses, as well as high-income charities, are more likely to have them.
Rising attack rates
Looking more broadly, weekly global cyber attacks increased by 7% in the first quarter of this year, according to recently published industry research. The study by Check Point points out that “While the volume of attacks has only risen marginally, we have witnessed several sophisticated campaigns from cyber-criminals who are finding ways to weaponize legitimate tools for malicious gains.”
Part of the challenge security teams face, the report said, is that threat actors are increasingly using AI tools such as ChatGPT to generate malware code, enabling “less-skilled threat actors effortlessly launch cyberattacks.”
In addition, 1 in 31 organizations experienced a ransomware attack weekly during the same period – a slight increase compared to a year before. Elsewhere, it is estimated that four companies fall victim to ransomware attacks every minute, with the bill for ransomware payments alone reaching more than EU10 billion a year.
Cybersecurity – a Boardroom Issue
Clearly, there is still much to be done to turn these trends around and ensure organizations are better protected against the risks they face. For example, there is a growing realization that effective cybersecurity has become a boardroom issue, and in his latest article for Forbes, Glasswall CEO Danny Lopez examines how senior teams are approaching these mission-critical challenges.
Faced with growing regulatory pressure and the need to improve risk management, investment decisions and communication, boards should now be front and center in ensuring their teams are given the tools they need to maximize protection.
As he points out, “There's no doubt that further elevating cybersecurity at the board level can put organizations in a much stronger place to do the job everyone is asking of it. With government and regulatory pressure continuing to build, its importance is certain to grow. Those organizations that get there sooner rather than later stand a much better chance of avoiding disruptive and costly security incidents.”
To read the article in full, click here.