Businesses urged to act as two in five UK firms experience cyberattacks in the last year

New DCMS report shows fewer businesses are taking recommended cybersecurity measures, despite heightened risk during the pandemic

Posted 25 March 2021 by Christine Horton

Two in five businesses (39 percent) and more than a quarter of charities (26 percent) report having cybersecurity breaches or attacks in the last 12 months, according to new figures from the Department for Digital, Culture, Media and Sport (DCMS).

The Cyber Security Breaches Survey 2021 report shows the cyber risk to organisations is heightened because of the pandemic, which has made securing digital environments more challenging as organisational resources are diverted to facilitating home working for staff.

As such, the government is encouraging businesses, charities and educational institutions to follow guidance from the National Cyber Security Centre (NCSC). It includes advice on the secure use of video conferencing, secure home working and how to move your business from physical to digital. This week the centre also published new guidance specifically to help educators boost their cyber resilience.

The new data shows fewer businesses are using security monitoring tools to identify abnormal activity which could indicate a breach. This suggests firms are less aware than before of the breaches and attacks staff are facing. The figure has dropped five per cent since last year to one in three firms (35 percent). Only 83 percent of businesses have up-to-date anti-virus software – also down five percent from the previous year.

The most common breaches or attacks were phishing emails, followed by instances of others impersonating their organisation online, viruses or other malware including ransomware.

Where a breach has resulted in a loss of data or assets, the average cost of a cyberattack on a business is £8,460. This figure rises to £13,400 for medium and large businesses. 

The figures also reveal nearly half of businesses (47 percent) have staff using personal devices for work, but only 18 percent have a cybersecurity policy on how to use those personal devices at work. Less than a quarter of businesses (23 percent) have a cybersecurity policy covering home working.

Despite the challenges of the pandemic, cybersecurity remains a high priority for business leaders. More than three quarters (77 percent) of businesses say it is a high priority – up 12 percent from the 2016 report.

Improving cyber resilience

This week NCSC issued figures that claimed more than 80 percent of British people fear falling victim to cybercrime. It also issued an alert in response to an increase in cyberattacks on the education sector.

The government is investing £1.9 billion in the National Cyber Security Strategy over five years. This includes delivering a programme to improve businesses cyber resilience. 

Earlier this month the Digital Secretary Oliver Dowden set out his ten tech priorities which included online security, and the government last week published its groundbreaking Integrated Review of defence and security. 

The review announced a commitment to publish a new National Cyber Strategy later this year. The strategy will set out how the UK intends to build a more resilient digital nation and realise the benefits that cyberspace can bring. 

DCMS also said it is reviewing what more the government can do to improve businesses’ resilience and cybersecurity, as well as progressing work to make sure consumer smart devices are more secure.