Cybersecurity breaches in UK prevalent but at relatively low level

30 November 2017 Consultancy.uk

Cybersecurity breaches continue to affect companies of all sizes across the UK, with 46% of recently surveyed firms detecting a breach in the past 12 months. The levels of disruption varied considerably among respondents, although few were driven to a halt for more than a day at a time.

A new report from the UK Government, titled 'Cybersecurity breaches survey 2017', explores the effect of cybersecurity breaches on businesses across UK. Cybersecurity concerns have mounted in recent years as more and more companies take up an online presence, while adversaries become increasingly sophisticated in terms of both social engineering and more technical attacks.

While the government has sought to better prepare the UK’s more than 1.3 million micro to large businesses from penetration, new research found that almost the majority of companies have experienced at least one breach in the past 12 months, highlighting continued concern for businesses across the spectrum.

Proportion of business

According to the study, around 46% of the businesses surveyed have identified a cybersecurity breach or attack in the last 12 months. Micro-businesses were seemingly the least interesting for attackers, with 38% noting an attack or breach in the past 12 months. Medium and large firms were more likely to identify an attack or breach, at 66% and 68% of respondents respectively.

Of the businesses that identified a breach in the past 12 months, fraudulent emails or being directed to a fraudulent website were the main vectors, as cited by 72% of respondents. The attack was also noted as the most disruptive, as stated by 43% of respondents. Viruses, spyware or malware were implicated in 33% of breaches, with 20% of respondents noting it as their biggest breach type.

Types of breaches identified

Ransomware, which includes the recent WannaCry attack, an attack which made global headlines, came in at 17% of breach types, with around half of those noting it as the most dominant disruption to their business. This followed impersonation from other organisations in emails or online, which was noted by 27% as an attack vector. Internal breaches were relatively uncommon, at 5% of respondents.

The impact of breaches varied considerably among UK enterprises. The biggest segment said that a breach was a wakeup call – to make them aware of the issue, prompting ‘new measures needed for future attacks’ (38%), followed by ‘added staff time to deal with breach or inform others’ (34%).

Impact of breaches

Business disruption was cited as an issue as well, with 23% of respondents reporting that staff had to stop carrying out daily work, while 19% said that it resulted in ‘other repair and recovery costs.' Only 4% cited a loss of revenue or share value, although a recent CGI report showed that hits to share prices can be lasting. Few companies reported fines, with Europe's GDPR directive still to come into force.

Low level breaches

Remarking on the report and the imminent GDPR regulation, Peter Gooch, Cyber Risk Partner and GDPR lead at Deloitte, said, “A key addition to this year’s report focusses on the GDPR and how FTSE 350 organisations assess their readiness. The standout figure – that only 6% of organisations believe they are completely prepared for their new obligations – indicates the amount of work still to be done. With less than a year to go before the regulation is in force, there is clearly a need to address this. Many boards will need to commit resources and time to focus on GDPR activities.”

Frequency of breaches

The breaches are relatively infrequent, with 37% of the enterprises reporting one attack in the past 12 months, while 25% cited less than one attack per month. A small number (9%) of businesses faces an attack per week, while 7% note that they need to deal with multiple attacks per day.

Large firms are more attractive to attackers, although this is reflected largely in the number of ‘less than one a month’ attacks, at 41%. For the higher attack frequencies, a smaller percentage of firms are at the top end, while 10% find an incoming attack once per week.

Time taken to recover

The disruptiveness of breaches varied. 57% of respondents said that the time taken to restore business operations back too normal after the (most disruptive) breach or attack took no time at all, while 23% said it took a day. 13% said it took less than a week to get back on their feet, while 7% said it took less than a month to more than a month. Large firms were more often the victims of attacks. However 34% noted minimal consequences, as a breach saw them loose less than a day’s work on resolving the matter.