The newly published Cyber Security Breaches Survey 2020 aims to help UK businesses and charities understand the nature and significance of the cyber security threats they face, and what others are doing to stay secure.
It also supports the government to shape future policy in this area.
The main findings from the report show:
- The extent of cyber security threats has not diminished. In fact, this survey, the fifth in the series, shows that cyber attacks have evolved and become more frequent.
- Organisations have become more resilient to breaches and attacks over time. They are less likely to report negative outcomes or impacts from breaches, and more likely to make a faster recovery. However, breaches that do result in negative outcomes still incur substantial costs.
- Over the last five years, there has been greater board engagement in cyber security and increased action to identify and manage cyber risks. These improvements may underpin the fact that organisations have become more resilient.
- However, there is still more that organisations might do on a range of diverse topics such as audits, cyber insurance, supplier risks and breach reporting. Organisations may be confused about how they should be considering these topics and what best practice is.
Cyber security specialist Jérôme Robert, director at Alsid, welcomed the report and acknowledged progress has been made.
However, "it should not be seen as a reason for companies to take their foot off the accelerator when it comes to IT security. Cybercriminals and threats are constantly evolving, as is the landscape within which they operate.
“Take the current COVID-19 pandemic which is gripping the world: massive changes in workstyles driven by remote working are a gift for hackers.
"Likewise we talk a lot about the rise of AI applications to boost security, but don’t forget that cybercriminals also have access to AI which they can use to launch more dangerous, targeted attacks in higher volumes thanks to automation.
"Ransomware is seen as a common threat these days and it is downplayed in the report, but daily headlines show how punishing it can be.
“NetWalker is one of the latest strains of ransomware which is now being used to target healthcare workers already under strain from the impact of COVID-19.
"To protect against all types of threats, security teams need to keep moving forward, adapting strategies to fit the current threat landscape and making sure often forgotten but crucial elements like Active Directory security are taken care of.
"Hopefully next year we’ll see more positive progress reported in the UK government’s 2021 findings.”