Executive Summary

The latest UK Government cyber security breaches survey has found that over half of businesses (50%) and a third of charities (32%) have suffered a cyber breach within the last 12 months. This rises to 70% for medium businesses and 66% for charities with over £500,000 in annual income. Phishing held the crown for the most predominant, impacting a significant 84% of businesses, followed by impersonation of organisations in emails or online (35% of businesses and 37% of charities). Despite the likelihood of an attack occurring, 78% of organisations remained without a formal incident response plan.

What’s the risk?

The largest impacts from being breached included: added staff time, staff prevented from carrying out daily work, repair or recovery costs, complaints from customers and loss of revenue or share value. When it came to reporting such breaches, a concerningly low 5% of businesses had informed clients and customers. Organisations must consider this, as this could mean that their supply chain has been breached without them even knowing.

The survey found that of those who had been impacted by a breach, 59% of businesses and 70% of charities reported taking action to prevent further breaches. The most common action taken to prevent further breaches for both was additional staff training. The findings highlight the importance and crucial role of staff in your organisation’s cyber security efforts.

Worryingly, despite finding that overall findings showing 80% of business run training consistently, 52% of medium businesses and only 18% of charities overall had run training sessions in the last 12 months. This figure rose to 74% for large businesses. Clearly, with the two highest causes of breaches targeting the human factor, effective and regular training to keep up to date with emerging tactics must be a top concern for organisations.

What can I do?

It is one thing to regularly run training, but it is another to make sure that training is engaging and beneficial for staff, including those at a senior level. Our training sessions are run by our cyber experts, who work with firms day in and day out to help businesses protect themselves against the latest threats. We demystify cyber security and help your employees and your leadership team to understand the risks they face in their working lives and how to protect your company.

Cyber is a matter of when, not if, and you need to have a plan. No-one wants to be improvising their security response in the event of a real cyber incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

The UK Government Cyber Breaches Survey 2024 can be found below:

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity