10 key insights from the 2018 Cyber Security Breaches Survey
A year is a long time in business, and cyber security is a particularly fast-paced industry because organisations must keep up with rapidly evolving threats.
In April, the UK government published its annual Cyber Security Breaches Survey for 2018. At 58 pages, the report provides a comprehensive analysis of the current state of play for the country’s cyber security defences.
If you haven’t had the opportunity to read the whole document, don’t worry; we’ve selected 10 key insights to save you a bit of time.
1. 74 per cent of businesses say cyber is a high priority
The good news is that nearly three-quarters of organisations believe their directors and senior managers view cyber security as a high priority. Less encouragingly, this is the same proportion as in last year’s report, indicating that headline-grabbing breaches seem to have had little impact on how seriously the C-suite views cyber attacks.
2. Over two-thirds of firms don’t have formal cyber policies
Another worrying statistic is that only 27 per cent of businesses have formal cyber security policies in place, which is down from 33 per cent in the 2017 report. The figure is even lower for charities (21 per cent), suggesting there is a noticeable gap between the number of organisations that say cyber security is a high priority and the number that implement a sophisticated defensive strategy.
3. One in five senior managers never informed of cyber issues
Engagement with senior managers appears to be improving, with 8 per cent of organisations providing daily updates on cyber issues to those in positions of responsibility. Unfortunately, 20 per cent of firms still never inform senior managers of developments in this area. In fact, just one-third of businesses even have a board member who is responsible for cyber security.
4. Large businesses cut cyber security spending by 61 per cent …
There appears to have been a dramatic drop in the amount of money that large businesses are investing in cyber security measures. The mean spend among these organisations was £149,000 over the last financial year, which is a sizeable difference from the £387,000 reported in 2017. Meanwhile, medium-sized businesses have more than doubled their spending from £15,500 to £41,600 over the same period.
5. … Yet the cost of a breach has jumped to £22,300
Cyber security spending for large organisations may be down, but the cost of a breach appears to be on the rise. The mean cost of an attack that had a tangible negative outcome was £22,300 this year, up from £13,200 in last year’s survey. The proportion of big businesses to suffer a breach has remained the same (68 per cent).
6. Small firms taking cyber security more seriously
Large organisations may have taken their foot off the pedal, but small businesses are placing more emphasis on their cyber security measures. Forty-two per cent of these firms now consider cyber a very high priority, although 33 per cent of micro and small organisations still invest no money in their defences each year.
7. Finance and insurance businesses step up their game
Cyber investment dropped or remained stagnant across many industries this year. Nevertheless, finance and insurance companies bucked the trend by nearly doubling the annual amount of money they spent on average from £9,650 to £17,900. The finance and insurance industries were also the most likely to say cyber security was a very high priority (61 per cent versus 35 per cent overall) and seek information on improving their defences (78 per cent of firms).
8. Less than one in ten businesses have cyber insurance
Just 9 per cent of businesses and 4 per cent of charities have specific cyber insurance coverage, with the most common reasons for not purchasing a policy being a lack of awareness and the belief that cover is unnecessary. In last year’s report, more than one-third (37 per cent) of respondents said they did not even understand their policy. Many businesses also fear current cyber insurance offerings are too restrictive and may not pay out in the event of a breach, which is a topic we recently explored in depth on our blog.
9. Top cyber security risks rely on human error
The most common and damaging cyber security risks typically rely on a staff member making a mistake. This may include downloading a virus, falling victim to fraudulent emails or being directed to fake sites. Nearly half of businesses said fraudulent emails and websites were the breaches that caused the most problems for their business in the last 12 months. Ransomware (7 per cent) and DDoS attacks (6 per cent) were cited much less frequently.
10. One in 10 businesses take no action after a breach
Despite the financial and reputational damage of breaches, 10 per cent of organisations chose to take no further action after suffering material losses from an attack. The survey results also suggest fewer than 5 per cent of businesses hired more cyber security staff following a breach, although 14 per cent offered more employee training or communications.
Is your business ready to face cyber security challenges?
The 2018 Cyber Security Breaches report paints a potentially worrying picture for UK organisations. While senior managers claim these issues are a high priority, many businesses appear to be lowering investment in their cyber defences and fewer have formal policies in place to tackle malicious attacks.
The financial cost of breaches is climbing and new regulations such as the GDPR could leave organisations facing hefty fines if they fail to properly secure sensitive data. Now may be the time for businesses to re-evaluate their approach to cyber security and invest more money in strengthening their defences.
Would you like to discuss your security and resilience recruitment needs? We’d love to hear from you, so please call 020 7936 2601 or email me directly at bf@barclaysimpson.com.