DCMS Cyber Security Breaches Survey signals shift in cyber resilience

The UK's Department for Digital, Culture, Media and Sport (DCMS) has released its annual Cyber Security Breaches Survey, acting as a pulse check on how organisations and charities across the UK are dealing with an evolving cyber security landscape.

This year’s survey, which forms part of the National Cyber Security Strategy (NCSS), found that almost half of businesses (46%) and a quarter of charities (26%) reported cyber security breaches or attacks in the last 12 months.

Of those that were targeted, the survey also revealed an increase of phishing attacks on organisations from 72% last year to 86%, and a fall in viruses or other malware from 33% to 16%, signaling a shift in attack methods used by threat actors.

Results also indicate that more businesses and charities across the UK are increasing their resilience to cyber attacks and are taking active steps towards enhancing this further in the future.

Katharina Sommer, head of public affairs at NCC Group commented: “Cyber resilience requires ongoing effort, and it will take time for organisations to shift internal culture and processes. The increase in the number of businesses prioritising cyber security since this survey was first introduced in 2016 is incredibly promising, and demonstrates that organisations are embracing the importance of cyber resilience as part of their day-to-day activities.

“While these statistics show that commonly used attack methods have changed over the last four years, they also highlight that organisations are better prepared and aware of the impact that a poor cyber security posture can have on the rest of the business.

“It’s also promising to see that organisations are looking to the wider industry for support. To take this even further, the government needs to work in tandem with industry experts to support and educate organisations so they can establish even greater maturity in their cyber resilience. This should include the proactive measures organisations can implement, such as full security audits, cyber insurance policies, assessing supplier risks and improving on breach reporting.

“All of this combined will help to ensure that these organisations, and the UK as a whole, is even more prepared to deal with evolving cyber threats.”