2021 Cyber Security Breaches Survey – Roundup
In the day-to-day running of a business various forms of technology will be used and this means that organisations are potentially subjected to cyber-attacks more often than they would like, unless they take steps to prevent and protect themselves. 2021 saw a slight dip in the rate of organisations that prioritise cyber-security with 77 per cent of businesses now rating cyber-security as a high priority.
While workplace technology can certainly provide a wide range of benefits to organisations, the risks that come with greater implementation are significant. In the past year, 39 per cent of businesses and 26 per cent of charities have experienced a data breach or cyber-attack.
It’s worth noting that the coronavirus pandemic has also had an impact on cyber-security. COVID-19 forced many organisations to improvise and expand their use of technology to accommodate remote work arrangements. Even though the conditions surrounding COVID-19 may now make it possible for workers to return to a traditional work environment, remote work is still expected to continue in many cases.
Remote workers may be seen as easier targets for cyber-criminals, but many organisations have not yet taken the necessary steps to protect themselves from these new or enhanced cyber-threats. In the past 12 months, only 35 per cent of businesses deployed security monitoring tools compared with 40 per cent in the preceding year. Similarly, only 32 per cent utilised any form of user monitoring compared with 38 per cent previously. Furthermore, the percentage of both businesses and charities that have up-to-date malware protection has decreased from 88 to 83 per cent and 78 to 69 per cent, respectively.
With these results in mind, Sutcliffe & Co. Insurance Brokers is proud to present our summary of the 2021 Cyber Security Breaches Survey, commissioned by the Department for Digital, Culture, Media & Sport as part of the National Cyber Security Programme.
The impact of a cyber-attack on businesses.
In 2021 alone, businesses are 49% likely to have a breach at least once a month – this means regular disruption.
Breaches will leave a company exposed as well as having a negative impact on day-to-day working duties such as temporary loss or access to files, website or online services slower or taken down, software or systems corrupted or damaged and money stolen. In addition, the stress and strain that it will have on the CEO, senior leadership team, wider staff and customers.
The three most disruptive breaches in the last 12 months are:
- Phishing – a staggering 67% of businesses have been subject to phishing
- Impersonation through emails or online – 27% of business reported this as a common cyber attack.
- Viruses, spyware, malware or ransomware – 7% of businesses have been affected, however this is a very stressful attack as your whole systems are being held hostage or unusable.
How responsive are businesses to a breach?
71% of businesses were able to resolve the issues within no time, conversely 4% of businesses took between 1 and 7 days to resolve and 18% of businesses said that it took them 24 hours to be back up and running following a cyber attack.
There are three most common procedures used by businesses to respond to a breach:
- Attempting to identify the source of the incident
- Debriefing to log of any lessons learned
- Assigning roles and responsibilities to specific individuals
Surprisingly, only 29% of businesses reported their most disruptive breach to an external body other than their cyber-security provider and only 36% of businesses formally log cyber-incidents.
How can you protect your business?
It can take time to sort out unless you have put the plans into place to deal with a potential cyber attack. Remember, prevention is better than cure here. It is important to beware of the risks against you and put measures in place beforehand to ward off any cyber attacks.
In response to experiencing a breach, 62% of businesses have taken steps to protect their organisation from future attacks. These efforts include:
- Additional staff training and communications
- Installed, changed or updated antivirus or anti-malware software
- Changed or updated firewall or systems configurations
Cyber security controls and policies
Organisations have implemented many different controls to bolster their cyber-security. The most common controls identified in the 2021 survey include:
- Using firewalls that cover the entire IT network, as well as individual devices
- Having up-to-date malware protection
- Enforcing a password policy that ensures that users select strong passwords
- Backing up data securely using a cloud service
Although important, only 33% of businesses have a formal policy or policies covering cyber-security risks. These included:
- How data is supposed to be stored
- What staff are permitted to do on their organisations IT
- How remote or mobile working affects cyber-security
- What can be stored on removeable devices such as a USB.
In order to stay ahead of the game, regular reviews of your cyber-security of at least six or twelve months is required. 42% of organisations conduct a review within six months with 14% of businesses conducting a review of their policies within the last year.
The Government’s ‘10 Steps to Cyber-security.’ (https://www.ncsc.gov.uk/collection/10-steps) is guidance on how organisations can protect themselves in cyberspace. Also Cyber Essentials can help you to guard your organisation, read more here… https://www.ncsc.gov.uk/cyberessentials/overview .
50% of businesses have implemented at least five of the government’s steps. This represents a 19% drop for businesses from 2020. Just 4% of businesses have said that they have implemented all 10 steps into their organisation.
Cyber-Insurance – the facts
Cyber-insurance is not just for large organisations that deal with finance. It is for all types and sizes of businesses. Cyber-insurance can be included as a wider policy or organisations can opt for a specific cyber-insurance policy. 43% of businesses are insured against cyber-risks in some way.
There are organisations where cyber insurance cover is more prevalent than others such as the financial sector, where 60% of businesses have appropriate cover, 57% of organisations in the information and communications sector have cover, 53% of organisations in the health, social care and social work sector have cover and 53% of organisations in the professional, scientific and technical sector have cover.
Top reasons to invest in cyber-security.
- Protect consumer and customer data
- Protect trade secrets, intellectual property and other assets.
- Prevent fraud or theft.
- Promote business continuity.
- Protect the organisation’s reputation
- Comply with data protection laws.
- Protect against viruses.
- Protect remote employees.
Government research suggests that cyber-insurance provides solutions for the following range of cyber-risks:
- Privacy events
- Network security liability
- Network business interruption
- Physical asset damage
- Reputational damage
For more information on cyber insurance call 01905 21681 or alternatively email Enquiries@sutcliffeinsurance.co.uk.