SASIG, The Security Awareness Special Interest Group, has called for improved real-world cyber resilience within businesses to protect from the ongoing prevalence of cyberattacks.
It follows the publication of the latest Government Cyber Security Breaches Survey, which found that 39 percent of UK businesses had experienced a cyberattack in the past 12 months, the same percentage as last year.
The most common cyberattack was phishing attempts (83 percent). Although of the 39 percent, around one in five (21 percent) identified a more sophisticated attack type such as a denial of service, malware, or ransomware attack.
Within the group of organisations reporting cyberattacks, 31 percent of businesses and 26 percent of charities estimate they were attacked at least once a week and one in five businesses (20 percent) and charities (19 percent) say they experienced a negative outcome as a direct consequence of a cyberattack.
If you liked this content…
Protecting critical networks: Supply chain security in the utilities sector
Think Digital Identity and Cybersecurity for Government: Key Takeaways
The US’ latest cyber alert is a wake-up call for the UK
Could AI deliver on the broken promise of “many eyes” in cybersecurity?
Cybersecurity in the UK Defence sector
“It’s clear from these latest government findings that cyberattacks are very much still an issue for British businesses, small and large,” said Martin Smith MBE, founder and chairman of The SASIG. “The findings illustrate that the impacts of these attacks are operational and financial, with the estimated cost of attacks in the last 12 months amounting to £4,200 and rising to £19,400 when looking specifically at medium and large businesses. The government itself admits that these figures are also probably underreported which is extremely worrying.
“While many businesses are working to prevent such attacks and put plans in place to deal with them when they occur, it is clear more still needs to be done.”
Businesses still not acting on threats
The survey went on to identify key areas of weakness, which included the fact that almost half of businesses (46 percent) had not taken action to identify cybersecurity risks in the past 12 months, broader supply chain issues with cybersecurity and a lack of understanding of cyber risks at board level.
Smith added: “Threats are constantly evolving, so having clear and concise cybersecurity procedures that are respected and adhered to business-wide is key to building robust resilience.
