by Joe Hedegaard Ganly

Information Security Adviser

Government Cyber Security Breaches Survey 2019

In April 2018, the UK Government, in conjunction with Ipsos MORI, surveyed businesses and charities to find out how they approach cyber security and to help them learn more about the cyber security issues faced by industry.

The overwhelming majority of businesses and charities are reliant on online services, which exposes them to cyber security risks.

Virtually all UK businesses (98%) represented in the survey rely on some form of digital communication or services, such as staff email addresses, websites, online banking and the ability for customers to shop online.

Organisations of all sizes, and a substantive majority of large businesses, have been breached or attacked. Those with more potential risk factors are also among the most likely to experience cyber security breaches or attacks.

The majority of businesses (56%) hold personal data on customers electronically. Among these, 47 per cent of businesses have experienced breaches or attacks. Breaches were more often identified among the organisations that hold personal data, where staff use personal devices for work, or that use cloud computing.

Senior managers in most businesses and charities prioritise cyber security, but this is still not always matched by action or engagement from senior management teams.

Three-quarters of businesses (74%) say that cyber security is a high priority for their organisation’s senior management. The qualitative survey offers various insights into what makes cyber security a priority, linking it to an organisational culture, and engagement from senior managers:

• Staff in organisations that used personal data were typically more aware of the impact that breaches could have on brands and reputation.
• Where senior managers were seen to be interested in cyber security, those responsible tended to feel more empowered to take action.
• Those that took more action on cyber security tended to see it as complementing rather than competing with their existing strategic priorities, for example by keeping key services running, protecting the finances or protecting reputations.

Organisations should seek out the latest information and guidance, which will help them to implement better cyber security.

Six in ten businesses (59%) have sought any information, advice or guidance in the last 12 months on the cyber security threats they face.

Conclusions

Cyber security is a high priority for most businesses, and there are also indications that senior managers are more regularly engaged with the topic than in the 2017 survey. At the same time, there is still a lot that organisations can do better. Just five in ten businesses (51%) have implemented all of the five basic technical controls under Cyber Essentials, comprising: boundary firewalls and internet gateways, secure configurations, user access controls, malware protection, and patch management.

Increased support from senior managers can empower those in charge of cyber security. Despite this, management boards for two in ten businesses (20%) have never discussed cyber security, and only a minority of organisations (30% of businesses) have board members or trustees specifically overseeing cyber security. The upcoming implementation of GDPR may be an opportunity for senior managers to address cyber security.

Information, advice and guidance need to be highly tailored. The qualitative survey shows that businesses want advice that is directed at businesses like theirs. A large number of organisations do not have specialist staff to improve their cyber security, so they need to have information simplified and in plain English. Others are much more sophisticated, and want updates on the latest threats.

Saepio help our customers to understand where they are today; we architect their security improvement plan and guide them along the path to an improved security posture.

If you’ve any questions, we’ve got answers. Give us a call.

Saepio's Security Essentials - Malware Prevention

A new video to highlight some of the key statistics from the UK Government 2018 Cyber Security Breaches Survey

Ransomware Protection Guide

It’s our job at Saepio to understand the latest tactics of miscreants in the cyber world and deliver appropriate protection to our customers. Presently, the most successful widespread and targeted attacks involve intelligent exploits to deliver malware, often in the form of ransomware payloads.

Statistics show that 50% of organisations have experienced an infection and in 40% of cases the ransom is paid. It’s a profitable industry, therefore booming. Saepio offer objective advice and effective solutions to combat these threats.

Read more in our Ransomware Protection Guide.

Saepio's Guide to Trusted Access

You need to ensure that only the right people and the right devices have access to your valued systems and data. This becomes even more important if your estate includes public and private cloud applications.

A user name and password are no longer sufficient to ensure integrity of access. Multi-factor authentication is the first step on the journey; if you can also ensure that your devices are trusted and behaving, then you’re on the right path, and Single Sign On solutions move the game on further still.

With access, your users need to be bought in and happy with the controls you implement to ensure the project is a success. Whatever you do needs to be simple to use and must not stop your users from doing their day job.

If you are working with a lot of cloud applications and a lot of personal devices, a CASB is recommended. These solutions can protect access and data across a broad area with a single platform.

Read more in Saepio’s Trusted Access Guide.

Incident, Detection and Response Guide

Security monitoring is a hot topic. It’s not ‘if’, it’s ‘when’ you’ll face a cyber incident. Do what you can to Prevent, but get out of the dark with security monitoring to Detect incidents and Respond accordingly. If you want to take a proactive approach to security, Saepio’s solutions team encourage you to review Rapid7’s Insight suite of solutions for Vulnerability Management, Logging, Incident Detection & Response and Automation.

Read more in our Incident, Detection and Response Guide.