Cyber security breaches survey 2022

Jonathan Ashley, co-founder of etiCloud, outlines the key findings of the cyber security breaches survey 2022 and highlights the importance of implementing cyber essentials in order to prevent a cyberattack.

Man working at a creative office using his computer and people moving at the background

The latest cyber security breaches survey 2022 (30 March 2022) has revealed that 39% of UK businesses identified a cyberattack in the last 12 months.

The survey also highlighted the fact that enhanced cyber security leads to higher identification of such attacks and that organisations with a less mature cyber security measures may have a tendency to under-report.

What does the survey cover?

Now in its sixth consecutive year, the cyber security breaches survey is a government research study for UK cyber resilience.

Aligned with the national cyber strategy it helps to inform government policy on cybersecurity with the aim of making the UK cyber space a secure place in which to do business.

Exploring the various policies, processes and approaches to cybersecurity that businesses, charities and educational establishments have in place, it also takes into account the different types of cyberattack they have to face and the impact and response to them.

What are the most common types of cyberattack?

Phishing attempts at 83% accounted for the highest number of identified cyberattacks. Denial of service, malware and ransomware attacks stood at 21% but, despite its low prevalence, organisations referred to ransomware as a key threat.

Of the businesses taking part in the survey, 56% also stated that they had a policy not to pay ransoms.

How often were cyberattacks identified?

Perhaps one of the most alarming findings of this year’s survey is that of the organisations reporting cyberattacks, 31% of businesses and 26% of charities assessed that an attack took place at least once a week.

What’s more, one out of five businesses stated that they felt the attack resulted in a negative outcome and one third of businesses experienced at least one negative impact.

The financial impact of cyber attacks

Based on the material outcome – be that loss of money or data – the average estimated cost of all cyberattacks over the last 12 months equates to £4,200. However, that figure increases to £19,400 if only medium and large businesses are considered.

The caveat in this area is that there is still a lack of a standard framework for calculating the financial impact of a cyberattack so this has the potential to lead to underreporting.

Preventing a cyberattack

It was refreshing to read that 49% of the businesses participating in the survey had acted in five of the 10 areas outlined in the National Cyber Security Centre’s ‘10 Steps to Cyber Security’ but this needs to be 10 out of 10.

This guidance is specifically designed to help companies protect themselves in cyberspace and is great place to start if you haven’t already implemented a cybersecurity policy.

It is also well worth implementing cyber essentials, a scheme backed by government and industry that is designed to help organisations to protect themselves against a range of common cyberattacks.

The cyber essentials scheme facilitates the achievement of two levels of certification: cyber essentials and cyber essentials plus.

The first is a self-assessment option offering protection against the most common cyberattacks.

The latter is an extension of cyber essentials and demands the completion of a hands-on technical verification.

Maximise your Law Society membership with My LS