Cyber security hygiene has increased in the past year due to a rise in cyberattacks, but there has not been a major shift in the type of attacks. That’s according to the Cyber Security Breaches survey 2023 released by the UK government’s Department for Science, Innovation & Technology.
But rising inflation, higher energy prices, and overall economic uncertainty meant cybersecurity could not be as high a priority for small businesses and charities as it was in 2022.
Some key takeaways from the survey were:
- 32% of businesses and 24% of charities overall recall any breaches or attacks from the last 12 months. This is much higher for medium-sized businesses (59%), large businesses (69%) and high-income charities with £500,000 or more in annual income (56%).
- 49% of medium businesses, 68% of large businesses and 36% of high-income charities now have a formal cyber security strategy in place.
- Three in 10 businesses have undertaken cyber security risk assessments (29%, vs. 27% of charities) in the last year – rising to 51% of medium businesses and 63% of large businesses.
- 49% of businesses and 44% of charities report seeking information or guidance on cyber security from outside their organisation in the past year, most commonly from external cyber security consultants, IT consultants or IT service providers.
- The average (mean) annual cost of cyber crime for businesses is estimated at approximately £15,300 per victim.
“Underreporting is a huge issue identified by the cybersecurity industry, meaning this number could be far higher in reality. Underreporting is so rife because for any organisation, especially those which handle sensitive information, admitting that you’ve been breached can have catastrophic effects,” said Tom Kidwell, a former British Army and UK Government intelligence specialist, and co-founder of Ecliptic Dynamics.
The government’s National Cyber Strategy was proposed in 2022, as a “comprehensive approach to strengthen [Britain’s] position as a responsible and democratic cyber power, able to protect and promote our interests in and through cyberspace.”
The aim is that the UK will continue to be a cyber power in 2030.
The survey sampled 2,263 businesses in sectors ranging from IT to education and hospitality to transport. The full results can be seen here.